QUIC: discarding 0-RTT keys.

For simplicity, this is done on successful decryption of a 1-RTT packet.

Author: pluknet

src/event/quic/ngx_event_quic.c

@@ -1022,6 +1022,16 @@ ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
         }
     }
 
+    if (pkt->level == ssl_encryption_application) {
+        /*
+         * RFC 9001, 4.9.3.  Discarding 0-RTT Keys
+         *
+         * After receiving a 1-RTT packet, servers MUST discard
+         * 0-RTT keys within a short time
+         */
+        ngx_quic_discard_ctx(c, ssl_encryption_early_data);
+    }
+
     if (qc->closing) {
         /*
          * RFC 9000, 10.2.  Immediate Close