From f1d5a1a4de297b7b751b867132525db83eb7fac1 Mon Sep 17 00:00:00 2001
From: Dmitri Tikhonov <dtikhonov@litespeedtech.com>
Date: Tue, 23 Feb 2021 12:18:50 -0500
Subject: [PATCH] Release 2.29.2

- Fix regression in gQUIC server: bug #234.
---
 CHANGELOG                        |  4 ++++
 docs/conf.py                     |  2 +-
 include/lsquic.h                 |  2 +-
 src/liblsquic/lsquic_handshake.c | 30 +++++++++++++++++++++---------
 4 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 9f4c7ef..4db48dd 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,7 @@
+2021-02-23
+    - 2.29.2
+    - Fix regression in gQUIC server: bug #234.
+
 2021-02-18
     - 2.29.1
     - Make it possible to build the library and unit tests without
diff --git a/docs/conf.py b/docs/conf.py
index d8dd481..129a79d 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -26,7 +26,7 @@ author = u'LiteSpeed Technologies'
 # The short X.Y version
 version = u'2.29'
 # The full version, including alpha/beta/rc tags
-release = u'2.29.1'
+release = u'2.29.2'
 
 
 # -- General configuration ---------------------------------------------------
diff --git a/include/lsquic.h b/include/lsquic.h
index d729a91..88cf718 100644
--- a/include/lsquic.h
+++ b/include/lsquic.h
@@ -25,7 +25,7 @@ extern "C" {
 
 #define LSQUIC_MAJOR_VERSION 2
 #define LSQUIC_MINOR_VERSION 29
-#define LSQUIC_PATCH_VERSION 1
+#define LSQUIC_PATCH_VERSION 2
 
 /**
  * Engine flags:
diff --git a/src/liblsquic/lsquic_handshake.c b/src/liblsquic/lsquic_handshake.c
index 114be43..b78d0d2 100644
--- a/src/liblsquic/lsquic_handshake.c
+++ b/src/liblsquic/lsquic_handshake.c
@@ -1887,7 +1887,7 @@ get_valid_scfg (const struct lsquic_enc_session *enc_session,
 
 
 static int
-generate_crt (struct lsquic_enc_session *enc_session)
+generate_crt (struct lsquic_enc_session *enc_session, int common_case)
 {
     int i, n, len, crt_num, rv = -1;
     lsquic_str_t **crts;
@@ -1926,13 +1926,16 @@ generate_crt (struct lsquic_enc_session *enc_session)
     if (!ccert)
         goto cleanup;
 
-    if (SSL_CTX_set_ex_data(ctx, s_ccrt_idx, ccert))
-        ++ccert->refcnt;
-    else
+    if (common_case)
     {
-        free(ccert);
-        ccert = NULL;
-        goto cleanup;
+        if (SSL_CTX_set_ex_data(ctx, s_ccrt_idx, ccert))
+            ++ccert->refcnt;
+        else
+        {
+            free(ccert);
+            ccert = NULL;
+            goto cleanup;
+        }
     }
 
     ++ccert->refcnt;
@@ -1966,6 +1969,7 @@ gen_rej1_data (struct lsquic_enc_session *enc_session, uint8_t *data,
     hs_ctx_t *const hs_ctx = &enc_session->hs_ctx;
     int scfg_len = enc_session->server_config->lsc_scfg->info.scfg_len;
     uint8_t *scfg_data = enc_session->server_config->lsc_scfg->scfg;
+    int common_case;
     size_t msg_len;
     struct message_writer mw;
     uint64_t sttl;
@@ -1989,13 +1993,21 @@ gen_rej1_data (struct lsquic_enc_session *enc_session, uint8_t *data,
         hs_ctx->ccert = NULL;
     }
 
-    hs_ctx->ccert = SSL_CTX_get_ex_data(ctx, s_ccrt_idx);
+    /**
+     * Only cache hs_ctx->ccs is the hardcoded common certs and hs_ctx->ccrt is empty case
+     * This is the most common case
+     */
+    common_case = lsquic_str_len(&hs_ctx->ccrt) == 0
+               && lsquic_str_bcmp(&hs_ctx->ccs, lsquic_get_common_certs_hash()) == 0;
+    if (common_case)
+        hs_ctx->ccert = SSL_CTX_get_ex_data(ctx, s_ccrt_idx);
+
     if (hs_ctx->ccert)
     {
         ++hs_ctx->ccert->refcnt;
         LSQ_DEBUG("use cached compressed cert");
     }
-    else if (0 == generate_crt(enc_session))
+    else if (0 == generate_crt(enc_session, common_case))
         LSQ_DEBUG("generated compressed cert");
     else
     {