From 2a92fecbf9e240565e3f869a06e1f796565263d6 Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov <pluknet@nginx.com>
Date: Sun, 6 Dec 2020 14:24:38 +0000
Subject: [PATCH] QUIC: disabling bidirectional SSL shutdown earlier.

Notably, this fixes an issue with Chrome that can emit a "certificate_unknown"
alert during the SSL handshake where c->ssl->no_wait_shutdown is not yet set.
---
 src/event/ngx_event_quic.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index e1ab107b1..19ee17aaf 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -1563,6 +1563,8 @@ ngx_quic_init_connection(ngx_connection_t *c)
         return NGX_ERROR;
     }
 
+    c->ssl->no_wait_shutdown = 1;
+
     ssl_conn = c->ssl->connection;
 
     if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) {
@@ -3726,7 +3728,6 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_quic_frame_t *frame, void *data)
                    "quic handshake completed successfully");
 
     c->ssl->handshaked = 1;
-    c->ssl->no_wait_shutdown = 1;
 
     frame = ngx_quic_alloc_frame(c, 0);
     if (frame == NULL) {