MEDIUM: streams: Add a way to replay failed 0rtt requests.
Add a new keyword for retry-on, 0rtt-rejected. If set, we will try to
replay requests for which we sent early data that got rejected by the
server.
If that option is set, we will attempt to use 0rtt if "allow-0rtt" is set
on the server line even if the client didn't send early data.
diff --git a/src/backend.c b/src/backend.c
index e4f58df..ae704de 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -1585,9 +1585,16 @@
#ifdef USE_OPENSSL
if (!reuse && cli_conn && srv &&
(srv->ssl_ctx.options & SRV_SSL_O_EARLY_DATA) &&
- (cli_conn->flags & CO_FL_EARLY_DATA) &&
- !channel_is_empty(si_oc(&s->si[1])) &&
- srv_conn->flags & CO_FL_SSL_WAIT_HS)
+ /* Only attempt to use early data if either the client sent
+ * early data, so that we know it can handle a 425, or if
+ * we are allwoed to retry requests on early data failure, and
+ * it's our first try
+ */
+ ((cli_conn->flags & CO_FL_EARLY_DATA) ||
+ ((s->be->retry_type & PR_RE_EARLY_ERROR) &&
+ s->si[1].conn_retries == s->be->conn_retries)) &&
+ !channel_is_empty(si_oc(&s->si[1])) &&
+ srv_conn->flags & CO_FL_SSL_WAIT_HS)
srv_conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
#endif