# HG changeset patch
# User Vladimir Homutov <vl@nginx.com>
# Date 1638443392 -10800
# Node ID 9680f0badc9562ca9a2db2b52d69d07be1d45d14
# Parent  a6a328ebd3625e0a907351206e7ac03172241b4e
QUIC: fixed using of retired connection id (ticket #2289).

RFC 9000 19.16
 The sequence number specified in a RETIRE_CONNECTION_ID frame MUST NOT
 refer to the Destination Connection ID field of the packet in which the
 frame is contained.

Before the patch, the RETIRE_CONNECTION_ID frame was sent before switching
to the new client id.  If retired client id was currently in use, this lead
to violation of the spec.

diff -r a6a328ebd362 -r 9680f0badc95 src/event/quic/ngx_event_quic_connid.c
--- a/src/event/quic/ngx_event_quic_connid.c	Thu Dec 02 13:59:56 2021 +0300
+++ b/src/event/quic/ngx_event_quic_connid.c	Thu Dec 02 14:09:52 2021 +0300
@@ -77,6 +77,7 @@
 ngx_quic_handle_new_connection_id_frame(ngx_connection_t *c,
     ngx_quic_new_conn_id_frame_t *f)
 {
+    uint64_t                seq;
     ngx_str_t               id;
     ngx_queue_t            *q;
     ngx_quic_client_id_t   *cid, *item;
@@ -173,10 +174,7 @@
         }
 
         /* this connection id must be retired */
-
-        if (ngx_quic_send_retire_connection_id(c, cid->seqnum) != NGX_OK) {
-            return NGX_ERROR;
-        }
+        seq = cid->seqnum;
 
         if (cid->refcnt) {
             /* we are going to retire client id which is in use */
@@ -187,6 +185,10 @@
         } else {
             ngx_quic_unref_client_id(c, cid);
         }
+
+        if (ngx_quic_send_retire_connection_id(c, seq) != NGX_OK) {
+            return NGX_ERROR;
+        }
     }
 
 done: