public/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Exclude retry test with msquic server from interop

Browse source 
With the addition of larger ml-kem keys in our tls handshake, we've
uncovered a interop failure, as described here:
https://github.com/microsoft/msquic/issues/4905

In short, when we send a client hello that spans multiple datagrams, the
servers sends an ACK frame in a datagram prior to sending its server
hello.  msquic however, recomputes a new SCID always when sending its
sserver hello, which is fine nominally, but because in this test the
server sends a retry frame to update the SCID, followed by an ACK using
that SCID (which is an initial packet), msquic violates the RFC in
section 7.2 which states:

Once a client has received a valid Initial packet from the server, it MUST
discard any subsequent packet it receives on that connection with a
different Source Connection ID

Because msquic sent an initial packet with that ACK frame, we are
required to discard subsequent frames on the connection containing a
different SCID.

Until msquic fixes that in their implementation we are going to fail the
retry interop test, so for now, lets exclude the test.

Also, while we're at it, re-add chrome into the client list for our
server tests, as that seems to have been lost during the merge.

Fixes openssl/project#1132

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27014)
This commit is contained in:
Neil Horman 2025-03-09 15:19:40 -04:00
parent b2762763e9
commit 2fb4cfe143
1 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
.github/workflows/run_quic_interop.yml vendored
View file

@ -12,6 +12,9 @@ jobs:
matrix:
tests: [http3, transfer, handshake, retry, chacha20, resumption, multiplexing, ipv6]
servers: [quic-go, ngtcp2, mvfst, quiche, nginx, msquic, haproxy]
exclude:
- clients: msquic
tests: retry
fail-fast: false
runs-on: ubuntu-latest
steps:
@ -39,7 +42,7 @@ jobs:
strategy:
matrix:
tests: [http3, transfer, handshake, retry, chacha20, resumption, amplificationlimit, ipv6]
clients: [quic-go, ngtcp2, mvfst, quiche, msquic, openssl]
clients: [quic-go, ngtcp2, mvfst, quiche, msquic, openssl, chrome]
exclude:
- clients: mvfst
tests: amplificationlimit