commit 865d8392bbe86656db72d9e9ec1dba718cb13525
author Olivier Houchard <cognet@ci0.org> Fri May 03 22:46:27 2019 +0200
committer Willy Tarreau <w@1wt.eu> Sat May 04 10:20:24 2019 +0200
tree fa72a792740c3496f52076503db8dbf36e91f687
parent a254a37ad70e8ff266ff3d69ab16eb5303163f7b

MEDIUM: streams: Add a way to replay failed 0rtt requests.

Add a new keyword for retry-on, 0rtt-rejected. If set, we will try to
replay requests for which we sent early data that got rejected by the
server.
If that option is set, we will attempt to use 0rtt if "allow-0rtt" is set
on the server line even if the client didn't send early data.

src/backend.c

diff --git a/src/backend.c b/src/backend.c
index e4f58df..ae704de 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -1585,9 +1585,16 @@
 #ifdef USE_OPENSSL
 	if (!reuse && cli_conn && srv &&
 	    (srv->ssl_ctx.options & SRV_SSL_O_EARLY_DATA) &&
-		    (cli_conn->flags & CO_FL_EARLY_DATA) &&
-		    !channel_is_empty(si_oc(&s->si[1])) &&
-		    srv_conn->flags & CO_FL_SSL_WAIT_HS)
+	    /* Only attempt to use early data if either the client sent
+	     * early data, so that we know it can handle a 425, or if
+	     * we are allwoed to retry requests on early data failure, and
+	     * it's our first try
+	     */
+	    ((cli_conn->flags & CO_FL_EARLY_DATA) ||
+	     ((s->be->retry_type & PR_RE_EARLY_ERROR) &&
+	      s->si[1].conn_retries == s->be->conn_retries)) &&
+	    !channel_is_empty(si_oc(&s->si[1])) &&
+	    srv_conn->flags & CO_FL_SSL_WAIT_HS)
 		srv_conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
 #endif