Skip to content

Send first-flight transport closes after post-auth errors#2521

Open
snvtac wants to merge 1 commit into
cloudflare:masterfrom
snvtac:snvtac/2515-first-flight-connection-close
Open

Send first-flight transport closes after post-auth errors#2521
snvtac wants to merge 1 commit into
cloudflare:masterfrom
snvtac:snvtac/2515-first-flight-connection-close

Conversation

@snvtac

@snvtac snvtac commented Jun 26, 2026

Copy link
Copy Markdown

Summary

  • keep first-flight post-auth transport errors sendable instead of immediately marking the connection closed when recv_count is still zero
  • prefer an Initial CONNECTION_CLOSE only for authenticated first-flight errors while Initial keys are still available
  • extend missing_initial_source_connection_id to verify the server emits an Initial close that the client processes as TRANSPORT_PARAMETER_ERROR

Fixes #2515.

Validation

  • git diff --check
  • cargo test -p quiche missing_initial_source_connection_id -- --nocapture
  • cargo test -p quiche invalid_initial -- --nocapture
  • cargo test -p quiche local_error -- --nocapture
  • cargo test -p quiche close -- --nocapture
  • RUSTFLAGS="-D warnings" cargo test -p quiche --all-targets
  • RUSTFLAGS="-D warnings" cargo clippy -p quiche --all-targets -- -D warnings
  • RUSTFLAGS="-D warnings" cargo test --all-targets --features=async,ffi,qlog --workspace
  • RUSTFLAGS="-D warnings" cargo clippy --features=async,ffi,qlog --workspace -- -D warnings

@snvtac snvtac requested a review from a team as a code owner June 26, 2026 07:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

First-flight transport errors can make pending CONNECTION_CLOSE unsendable

1 participant