You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by ma...@apache.org on 2018/08/28 03:37:37 UTC
[trafficserver] branch quic-latest updated (171d0d0 -> f694413)
This is an automated email from the ASF dual-hosted git repository.
maskit pushed a change to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.
from 171d0d0 Cast to appropriate frame type
new cb79e02 Remove ssl_handle() from QUICHandshake
new deaa9d0 Remove an unused member QUICTLS::_stateless
new f694413 Reduce dependency for SSL from QUICHandshake
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
iocore/net/QUICNetVConnection.cc | 6 ++--
iocore/net/quic/Mock.h | 18 ++++++++++
iocore/net/quic/QUICHandshake.cc | 39 +++++++++-------------
iocore/net/quic/QUICHandshake.h | 5 ++-
iocore/net/quic/QUICHandshakeProtocol.h | 3 ++
iocore/net/quic/QUICTLS.cc | 24 +++++++++----
iocore/net/quic/QUICTLS.h | 13 ++++----
iocore/net/quic/QUICTLS_openssl.cc | 12 ++++---
iocore/net/quic/test/test_QUICHandshakeProtocol.cc | 4 +--
9 files changed, 77 insertions(+), 47 deletions(-)
[trafficserver] 02/03: Remove an unused member QUICTLS::_stateless
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit deaa9d0cd1b4b21760a53b35304c6afcb8a71a12
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Tue Aug 28 12:05:19 2018 +0900
Remove an unused member QUICTLS::_stateless
---
iocore/net/quic/QUICHandshake.cc | 2 +-
iocore/net/quic/QUICTLS.h | 2 --
iocore/net/quic/QUICTLS_openssl.cc | 6 ++----
3 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/iocore/net/quic/QUICHandshake.cc b/iocore/net/quic/QUICHandshake.cc
index 96ab765..dc5834e 100644
--- a/iocore/net/quic/QUICHandshake.cc
+++ b/iocore/net/quic/QUICHandshake.cc
@@ -92,7 +92,7 @@ QUICHandshake::QUICHandshake(QUICConnection *qc, SSL_CTX *ssl_ctx) : QUICHandsha
QUICHandshake::QUICHandshake(QUICConnection *qc, SSL_CTX *ssl_ctx, QUICStatelessResetToken token, bool stateless_retry)
: _qc(qc),
_ssl(SSL_new(ssl_ctx)),
- _hs_protocol(new QUICTLS(this->_ssl, qc->direction(), stateless_retry)),
+ _hs_protocol(new QUICTLS(this->_ssl, qc->direction())),
_version_negotiator(new QUICVersionNegotiator()),
_reset_token(token),
_stateless_retry(stateless_retry)
diff --git a/iocore/net/quic/QUICTLS.h b/iocore/net/quic/QUICTLS.h
index febdedf..d7c8cbc 100644
--- a/iocore/net/quic/QUICTLS.h
+++ b/iocore/net/quic/QUICTLS.h
@@ -40,7 +40,6 @@ class QUICTLS : public QUICHandshakeProtocol
{
public:
QUICTLS(SSL *ssl, NetVConnectionContext_t nvc_ctx);
- QUICTLS(SSL *ssl, NetVConnectionContext_t nvc_ctx, bool stateless);
~QUICTLS();
// TODO: integrate with _early_data_processed
@@ -97,7 +96,6 @@ private:
QUICPacketProtection *_client_pp = nullptr;
QUICPacketProtection *_server_pp = nullptr;
NetVConnectionContext_t _netvc_context = NET_VCONNECTION_UNSET;
- bool _stateless = false;
bool _early_data_processed = false;
bool _early_data = true;
QUICEncryptionLevel _current_level = QUICEncryptionLevel::INITIAL;
diff --git a/iocore/net/quic/QUICTLS_openssl.cc b/iocore/net/quic/QUICTLS_openssl.cc
index 9c1be67..319195b 100644
--- a/iocore/net/quic/QUICTLS_openssl.cc
+++ b/iocore/net/quic/QUICTLS_openssl.cc
@@ -215,10 +215,8 @@ QUICTLS::update_key_materials_on_key_cb(std::unique_ptr<KeyMaterial> km, int nam
return;
}
-QUICTLS::QUICTLS(SSL *ssl, NetVConnectionContext_t nvc_ctx) : QUICTLS(ssl, nvc_ctx, false) {}
-
-QUICTLS::QUICTLS(SSL *ssl, NetVConnectionContext_t nvc_ctx, bool stateless)
- : QUICHandshakeProtocol(), _ssl(ssl), _netvc_context(nvc_ctx), _stateless(stateless)
+QUICTLS::QUICTLS(SSL *ssl, NetVConnectionContext_t nvc_ctx)
+ : QUICHandshakeProtocol(), _ssl(ssl), _netvc_context(nvc_ctx)
{
ink_assert(this->_netvc_context != NET_VCONNECTION_UNSET);
[trafficserver] 01/03: Remove ssl_handle() from QUICHandshake
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit cb79e0257d04b2110dd310d3a1378c99c651e9c2
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Tue Aug 28 11:28:36 2018 +0900
Remove ssl_handle() from QUICHandshake
---
iocore/net/quic/Mock.h | 13 +++++++++++++
iocore/net/quic/QUICHandshake.cc | 14 ++------------
iocore/net/quic/QUICHandshakeProtocol.h | 2 ++
iocore/net/quic/QUICTLS.cc | 18 ++++++++++++------
iocore/net/quic/QUICTLS.h | 5 ++---
5 files changed, 31 insertions(+), 21 deletions(-)
diff --git a/iocore/net/quic/Mock.h b/iocore/net/quic/Mock.h
index 15bd188..b282b8c 100644
--- a/iocore/net/quic/Mock.h
+++ b/iocore/net/quic/Mock.h
@@ -556,6 +556,19 @@ public:
return 0;
}
+ const char *
+ negotiated_cipher_suite() const override
+ {
+ return nullptr;
+ }
+
+ void
+ negotiated_application_name(const uint8_t **name, unsigned int *len) const override
+ {
+ *name = reinterpret_cast<const uint8_t *>("hq");
+ *len = 2;
+ }
+
bool
encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len, const uint8_t *plain, size_t plain_len, uint64_t pkt_num,
const uint8_t *ad, size_t ad_len, QUICKeyPhase phase) const override
diff --git a/iocore/net/quic/QUICHandshake.cc b/iocore/net/quic/QUICHandshake.cc
index 17d1144..96ab765 100644
--- a/iocore/net/quic/QUICHandshake.cc
+++ b/iocore/net/quic/QUICHandshake.cc
@@ -219,23 +219,13 @@ QUICHandshake::negotiated_version()
const char *
QUICHandshake::negotiated_cipher_suite()
{
- // FIXME Generalize and remove dynamic_cast
- QUICTLS *hs_tls = dynamic_cast<QUICTLS *>(this->_hs_protocol);
- if (hs_tls) {
- return SSL_get_cipher_name(hs_tls->ssl_handle());
- }
-
- return nullptr;
+ return this->_hs_protocol->negotiated_cipher_suite();
}
void
QUICHandshake::negotiated_application_name(const uint8_t **name, unsigned int *len)
{
- // FIXME Generalize and remove dynamic_cast
- QUICTLS *hs_tls = dynamic_cast<QUICTLS *>(this->_hs_protocol);
- if (hs_tls) {
- SSL_get0_alpn_selected(hs_tls->ssl_handle(), name, len);
- }
+ this->_hs_protocol->negotiated_application_name(name, len);
}
void
diff --git a/iocore/net/quic/QUICHandshakeProtocol.h b/iocore/net/quic/QUICHandshakeProtocol.h
index 88dc369..3627e41 100644
--- a/iocore/net/quic/QUICHandshakeProtocol.h
+++ b/iocore/net/quic/QUICHandshakeProtocol.h
@@ -76,6 +76,8 @@ public:
virtual bool is_key_derived(QUICKeyPhase key_phase, bool for_encryption) const = 0;
virtual int initialize_key_materials(QUICConnectionId cid) = 0;
virtual int update_key_materials() = 0;
+ virtual const char *negotiated_cipher_suite() const = 0;
+ virtual void negotiated_application_name(const uint8_t **name, unsigned int *len) const = 0;
virtual bool encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len, const uint8_t *plain, size_t plain_len,
uint64_t pkt_num, const uint8_t *ad, size_t ad_len, QUICKeyPhase phase) const = 0;
virtual bool decrypt(uint8_t *plain, size_t &plain_len, size_t max_plain_len, const uint8_t *cipher, size_t cipher_len,
diff --git a/iocore/net/quic/QUICTLS.cc b/iocore/net/quic/QUICTLS.cc
index fb8803e..21b3599 100644
--- a/iocore/net/quic/QUICTLS.cc
+++ b/iocore/net/quic/QUICTLS.cc
@@ -122,6 +122,18 @@ QUICTLS::update_key_materials()
return 1;
}
+const char *
+QUICTLS::negotiated_cipher_suite() const
+{
+ return SSL_get_cipher_name(this->_ssl);
+}
+
+void
+QUICTLS::negotiated_application_name(const uint8_t **name, unsigned int *len) const
+{
+ SSL_get0_alpn_selected(this->_ssl, name, len);
+}
+
QUICEncryptionLevel
QUICTLS::current_encryption_level() const
{
@@ -146,12 +158,6 @@ QUICTLS::_update_encryption_level(QUICEncryptionLevel level)
return;
}
-SSL *
-QUICTLS::ssl_handle()
-{
- return this->_ssl;
-}
-
bool
QUICTLS::encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len, const uint8_t *plain, size_t plain_len,
uint64_t pkt_num, const uint8_t *ad, size_t ad_len, QUICKeyPhase phase) const
diff --git a/iocore/net/quic/QUICTLS.h b/iocore/net/quic/QUICTLS.h
index 81fd96d..febdedf 100644
--- a/iocore/net/quic/QUICTLS.h
+++ b/iocore/net/quic/QUICTLS.h
@@ -58,6 +58,8 @@ public:
int initialize_key_materials(QUICConnectionId cid) override;
int update_key_materials() override;
void update_key_materials_on_key_cb(std::unique_ptr<KeyMaterial> km, int name);
+ const char *negotiated_cipher_suite() const override;
+ void negotiated_application_name(const uint8_t **name, unsigned int *len) const override;
bool encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len, const uint8_t *plain, size_t plain_len, uint64_t pkt_num,
const uint8_t *ad, size_t ad_len, QUICKeyPhase phase) const override;
bool decrypt(uint8_t *plain, size_t &plain_len, size_t max_plain_len, const uint8_t *cipher, size_t cipher_len, uint64_t pkt_num,
@@ -69,9 +71,6 @@ public:
QUICEncryptionLevel current_encryption_level() const override;
void abort_handshake() override;
- // FIXME SSL handle should not be exported
- SSL *ssl_handle();
-
private:
QUICKeyGenerator _keygen_for_client = QUICKeyGenerator(QUICKeyGenerator::Context::CLIENT);
QUICKeyGenerator _keygen_for_server = QUICKeyGenerator(QUICKeyGenerator::Context::SERVER);
[trafficserver] 03/03: Reduce dependency for SSL from QUICHandshake
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit f694413937f4a380b71c677a07f76a7595d3918f
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Tue Aug 28 12:35:47 2018 +0900
Reduce dependency for SSL from QUICHandshake
---
iocore/net/QUICNetVConnection.cc | 6 ++++--
iocore/net/quic/Mock.h | 5 +++++
iocore/net/quic/QUICHandshake.cc | 25 +++++++++++-----------
iocore/net/quic/QUICHandshake.h | 5 ++---
iocore/net/quic/QUICHandshakeProtocol.h | 1 +
iocore/net/quic/QUICTLS.cc | 6 ++++++
iocore/net/quic/QUICTLS.h | 6 +++++-
iocore/net/quic/QUICTLS_openssl.cc | 10 +++++++--
iocore/net/quic/test/test_QUICHandshakeProtocol.cc | 4 ++--
9 files changed, 46 insertions(+), 22 deletions(-)
diff --git a/iocore/net/QUICNetVConnection.cc b/iocore/net/QUICNetVConnection.cc
index 2b833b3..6c0d1c4 100644
--- a/iocore/net/QUICNetVConnection.cc
+++ b/iocore/net/QUICNetVConnection.cc
@@ -32,6 +32,7 @@
#include "Log.h"
#include "P_SSLNextProtocolSet.h"
+#include "QUICTLS.h"
#include "QUICStats.h"
#include "QUICConfig.h"
@@ -204,9 +205,10 @@ QUICNetVConnection::start()
// Version 0x00000001 uses stream 0 for cryptographic handshake with TLS 1.3, but newer version may not
if (this->direction() == NET_VCONNECTION_IN) {
this->_reset_token.generate(this->_quic_connection_id, params->server_id());
- this->_handshake_handler = new QUICHandshake(this, params->server_ssl_ctx(), this->_reset_token, params->stateless_retry());
+ this->_handshake_handler = new QUICHandshake(this, new QUICTLS(params->server_ssl_ctx(), this->direction()), this->_reset_token,
+ params->stateless_retry());
} else {
- this->_handshake_handler = new QUICHandshake(this, params->client_ssl_ctx());
+ this->_handshake_handler = new QUICHandshake(this, new QUICTLS(params->client_ssl_ctx(), this->direction()));
this->_handshake_handler->start(&this->_packet_factory, params->vn_exercise_enabled());
this->_handshake_handler->do_handshake();
}
diff --git a/iocore/net/quic/Mock.h b/iocore/net/quic/Mock.h
index b282b8c..dff1afa 100644
--- a/iocore/net/quic/Mock.h
+++ b/iocore/net/quic/Mock.h
@@ -526,6 +526,11 @@ public:
return true;
}
+ void
+ reset() override
+ {
+ }
+
bool
is_handshake_finished() const override
{
diff --git a/iocore/net/quic/QUICHandshake.cc b/iocore/net/quic/QUICHandshake.cc
index dc5834e..b13028c 100644
--- a/iocore/net/quic/QUICHandshake.cc
+++ b/iocore/net/quic/QUICHandshake.cc
@@ -25,9 +25,6 @@
#include <utility>
-#include "P_SSLNextProtocolSet.h"
-#include "P_VConnection.h"
-
#include "QUICTLS.h"
#include "QUICEvents.h"
#include "QUICGlobals.h"
@@ -87,18 +84,22 @@ static constexpr int UDP_MAXIMUM_PAYLOAD_SIZE = 65527;
// TODO: fix size
static constexpr int MAX_HANDSHAKE_MSG_LEN = 65527;
-QUICHandshake::QUICHandshake(QUICConnection *qc, SSL_CTX *ssl_ctx) : QUICHandshake(qc, ssl_ctx, {}, false) {}
+QUICHandshake::QUICHandshake(QUICConnection *qc, QUICHandshakeProtocol *hsp) : QUICHandshake(qc, hsp, {}, false) {}
-QUICHandshake::QUICHandshake(QUICConnection *qc, SSL_CTX *ssl_ctx, QUICStatelessResetToken token, bool stateless_retry)
+QUICHandshake::QUICHandshake(QUICConnection *qc, QUICHandshakeProtocol *hsp, QUICStatelessResetToken token, bool stateless_retry)
: _qc(qc),
- _ssl(SSL_new(ssl_ctx)),
- _hs_protocol(new QUICTLS(this->_ssl, qc->direction())),
+ _hs_protocol(hsp),
_version_negotiator(new QUICVersionNegotiator()),
_reset_token(token),
_stateless_retry(stateless_retry)
{
- SSL_set_ex_data(this->_ssl, QUIC::ssl_quic_qc_index, qc);
- SSL_set_ex_data(this->_ssl, QUIC::ssl_quic_hs_index, this);
+ // FIXME These should be done in another way
+ if (dynamic_cast<QUICTLS *>(hsp)) {
+ SSL *ssl = static_cast<QUICTLS *>(hsp)->ssl_handle();
+ SSL_set_ex_data(ssl, QUIC::ssl_quic_qc_index, qc);
+ SSL_set_ex_data(ssl, QUIC::ssl_quic_hs_index, this);
+ }
+
this->_hs_protocol->initialize_key_materials(this->_qc->original_connection_id());
if (this->_qc->direction() == NET_VCONNECTION_OUT) {
@@ -108,7 +109,7 @@ QUICHandshake::QUICHandshake(QUICConnection *qc, SSL_CTX *ssl_ctx, QUICStateless
QUICHandshake::~QUICHandshake()
{
- SSL_free(this->_ssl);
+ delete this->_hs_protocol;
}
QUICErrorUPtr
@@ -188,7 +189,7 @@ QUICHandshake::is_version_negotiated() const
bool
QUICHandshake::is_completed() const
{
- return SSL_is_init_finished(this->_ssl);
+ return this->_hs_protocol->is_handshake_finished();
}
bool
@@ -308,7 +309,7 @@ void
QUICHandshake::reset()
{
this->_client_initial = true;
- SSL_clear(this->_ssl);
+ this->_hs_protocol->reset();
for (auto level : QUIC_ENCRYPTION_LEVELS) {
int index = static_cast<int>(level);
diff --git a/iocore/net/quic/QUICHandshake.h b/iocore/net/quic/QUICHandshake.h
index eb79f4a..c5ef75d 100644
--- a/iocore/net/quic/QUICHandshake.h
+++ b/iocore/net/quic/QUICHandshake.h
@@ -40,9 +40,9 @@ class QUICHandshake : public QUICFrameHandler, public QUICFrameGenerator
{
public:
// Constructor for client side
- QUICHandshake(QUICConnection *qc, SSL_CTX *ssl_ctx);
+ QUICHandshake(QUICConnection *qc, QUICHandshakeProtocol *hsp);
// Constructor for server side
- QUICHandshake(QUICConnection *qc, SSL_CTX *ssl_ctx, QUICStatelessResetToken token, bool stateless_retry);
+ QUICHandshake(QUICConnection *qc, QUICHandshakeProtocol *hsp, QUICStatelessResetToken token, bool stateless_retry);
~QUICHandshake();
// QUICFrameHandler
@@ -82,7 +82,6 @@ public:
private:
QUICConnection *_qc = nullptr;
- SSL *_ssl = nullptr;
QUICHandshakeProtocol *_hs_protocol = nullptr;
std::shared_ptr<QUICTransportParameters> _local_transport_parameters = nullptr;
std::shared_ptr<QUICTransportParameters> _remote_transport_parameters = nullptr;
diff --git a/iocore/net/quic/QUICHandshakeProtocol.h b/iocore/net/quic/QUICHandshakeProtocol.h
index 3627e41..abc4410 100644
--- a/iocore/net/quic/QUICHandshakeProtocol.h
+++ b/iocore/net/quic/QUICHandshakeProtocol.h
@@ -71,6 +71,7 @@ public:
virtual ~QUICHandshakeProtocol(){};
virtual int handshake(QUICHandshakeMsgs *out, const QUICHandshakeMsgs *in) = 0;
+ virtual void reset() = 0;
virtual bool is_handshake_finished() const = 0;
virtual bool is_ready_to_derive() const = 0;
virtual bool is_key_derived(QUICKeyPhase key_phase, bool for_encryption) const = 0;
diff --git a/iocore/net/quic/QUICTLS.cc b/iocore/net/quic/QUICTLS.cc
index 21b3599..bfbff38 100644
--- a/iocore/net/quic/QUICTLS.cc
+++ b/iocore/net/quic/QUICTLS.cc
@@ -31,6 +31,12 @@
constexpr static char tag[] = "quic_tls";
+SSL *
+QUICTLS::ssl_handle()
+{
+ return this->_ssl;
+}
+
QUICTLS::~QUICTLS()
{
SSL_free(this->_ssl);
diff --git a/iocore/net/quic/QUICTLS.h b/iocore/net/quic/QUICTLS.h
index d7c8cbc..7e040ac 100644
--- a/iocore/net/quic/QUICTLS.h
+++ b/iocore/net/quic/QUICTLS.h
@@ -39,7 +39,7 @@
class QUICTLS : public QUICHandshakeProtocol
{
public:
- QUICTLS(SSL *ssl, NetVConnectionContext_t nvc_ctx);
+ QUICTLS(SSL_CTX *ssl_ctx, NetVConnectionContext_t nvc_ctx);
~QUICTLS();
// TODO: integrate with _early_data_processed
@@ -50,7 +50,11 @@ public:
static QUICEncryptionLevel get_encryption_level(int msg_type);
+ // FIXME Should not exist
+ SSL *ssl_handle();
+
int handshake(QUICHandshakeMsgs *out, const QUICHandshakeMsgs *in) override;
+ void reset() override;
bool is_handshake_finished() const override;
bool is_ready_to_derive() const override;
bool is_key_derived(QUICKeyPhase key_phase, bool for_encryption) const override;
diff --git a/iocore/net/quic/QUICTLS_openssl.cc b/iocore/net/quic/QUICTLS_openssl.cc
index 319195b..6f3d25f 100644
--- a/iocore/net/quic/QUICTLS_openssl.cc
+++ b/iocore/net/quic/QUICTLS_openssl.cc
@@ -215,8 +215,8 @@ QUICTLS::update_key_materials_on_key_cb(std::unique_ptr<KeyMaterial> km, int nam
return;
}
-QUICTLS::QUICTLS(SSL *ssl, NetVConnectionContext_t nvc_ctx)
- : QUICHandshakeProtocol(), _ssl(ssl), _netvc_context(nvc_ctx)
+QUICTLS::QUICTLS(SSL_CTX *ssl_ctx, NetVConnectionContext_t nvc_ctx)
+ : QUICHandshakeProtocol(), _ssl(SSL_new(ssl_ctx)), _netvc_context(nvc_ctx)
{
ink_assert(this->_netvc_context != NET_VCONNECTION_UNSET);
@@ -303,6 +303,12 @@ QUICTLS::handshake(QUICHandshakeMsgs *out, const QUICHandshakeMsgs *in)
return 1;
}
+void
+QUICTLS::reset()
+{
+ SSL_clear(this->_ssl);
+}
+
int
QUICTLS::_read_early_data()
{
diff --git a/iocore/net/quic/test/test_QUICHandshakeProtocol.cc b/iocore/net/quic/test/test_QUICHandshakeProtocol.cc
index 22bbfe8..818cf8a 100644
--- a/iocore/net/quic/test/test_QUICHandshakeProtocol.cc
+++ b/iocore/net/quic/test/test_QUICHandshakeProtocol.cc
@@ -164,7 +164,7 @@ TEST_CASE("QUICHandshakeProtocol Full Handshake", "[quic]")
#ifdef SSL_MODE_QUIC_HACK
SSL_CTX_set_mode(client_ssl_ctx, SSL_MODE_QUIC_HACK);
#endif
- QUICHandshakeProtocol *client = new QUICTLS(SSL_new(client_ssl_ctx), NET_VCONNECTION_OUT);
+ QUICHandshakeProtocol *client = new QUICTLS(client_ssl_ctx, NET_VCONNECTION_OUT);
// Server
SSL_CTX *server_ssl_ctx = SSL_CTX_new(TLS_method());
@@ -180,7 +180,7 @@ TEST_CASE("QUICHandshakeProtocol Full Handshake", "[quic]")
BIO *key_bio(BIO_new_mem_buf(server_key, sizeof(server_key)));
EVP_PKEY *pkey = PEM_read_bio_PrivateKey(key_bio, nullptr, nullptr, nullptr);
SSL_CTX_use_PrivateKey(server_ssl_ctx, pkey);
- QUICHandshakeProtocol *server = new QUICTLS(SSL_new(server_ssl_ctx), NET_VCONNECTION_IN);
+ QUICHandshakeProtocol *server = new QUICTLS(server_ssl_ctx, NET_VCONNECTION_IN);
BIO_free(crt_bio);
BIO_free(key_bio);