Skip to content

quic: send correct OpenSSL alert for ALPN mismatches#63193

Merged
nodejs-github-bot merged 1 commit into
nodejs:mainfrom
pimterry:fix-alpn-code
May 15, 2026
Merged

quic: send correct OpenSSL alert for ALPN mismatches#63193
nodejs-github-bot merged 1 commit into
nodejs:mainfrom
pimterry:fix-alpn-code

Conversation

@pimterry
Copy link
Copy Markdown
Member

@pimterry pimterry commented May 8, 2026

Currently if the QUIC server doesn't agree with any of the client's proposed protocols, it returns SSL_TLSEXT_ERR_NOACK to OpenSSL, which in normal TLS acts as "ignore ALPN". Since it's obligatory in QUIC this doesn't work - the resulting test checking this was actually receiving an internal_error alert (336n) on the wire when this happened. This does fail the connection, but it's clearly not correct.

We now return SSL_TLSEXT_ERR_ALERT_FATAL instead, which sends the proper no_application_protocol TLS alert to the client instead, as required by the RFC.

This has notably pointed out to me that we have no nice error messages in here: on the JS side, these just reference the raw error code (now 376n) with no other info. I'll bring in a general fix for error handling in another PR, watch this space.

@nodejs-github-bot
Copy link
Copy Markdown
Collaborator

nodejs-github-bot commented May 8, 2026

Review requested:

  • @nodejs/quic

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. quic Issues and PRs related to the QUIC implementation / HTTP/3. labels May 8, 2026
@pimterry
quic: send correct OpenSSL alert for ALPN mismatches
a4a20cc 
Signed-off-by: Tim Perry <pimterry@gmail.com>
@codecov
Copy link
Copy Markdown

codecov Bot commented May 8, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.04%. Comparing base (b5da751) to head (a4a20cc).
⚠️ Report is 59 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff            @@
##             main   #63193    +/-   ##
========================================
  Coverage   90.03%   90.04%            
========================================
  Files         713      713            
  Lines      224510   224926   +416     
  Branches    42438    42533    +95     
========================================
+ Hits       202148   202535   +387     
- Misses      14163    14175    +12     
- Partials     8199     8216    +17

see 45 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@nodejs-github-bot
Copy link
Copy Markdown
Collaborator

nodejs-github-bot commented May 14, 2026

CI: https://ci.nodejs.org/job/node-test-pull-request/73431/

@nodejs-github-bot
Copy link
Copy Markdown
Collaborator

nodejs-github-bot commented May 14, 2026
edited by jasnell
Loading

CI: https://ci.nodejs.org/job/node-test-pull-request/73451/ 💛

@jasnell jasnell added the commit-queue Add this label to land a pull request using GitHub Actions. label May 15, 2026
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label May 15, 2026
@nodejs-github-bot nodejs-github-bot merged commit f190a04 into nodejs:main May 15, 2026
69 of 70 checks passed
@nodejs-github-bot
Copy link
Copy Markdown
Collaborator

nodejs-github-bot commented May 15, 2026

Landed in f190a04

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasnell jasnell jasnell approved these changes

Assignees

No one assigned

Labels

c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. quic Issues and PRs related to the QUIC implementation / HTTP/3.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pimterry @nodejs-github-bot @jasnell