Merge pull request #552 from lucas-clemente/fix-551

fix race condition when saving the encryption level in h2quic.Client

h2quic/client.go

@@ -64,6 +64,8 @@ func (c *Client) Dial() error {
 	return err
 }
 
+// connStateCallback is the ConnStateCallback passed to the quic.Dial
+// this function is called in a separate go-routine
 func (c *Client) connStateCallback(sess quic.Session, state quic.ConnState) {
 	c.mutex.Lock()
 	if c.session == nil {
@@ -76,12 +78,15 @@ func (c *Client) connStateCallback(sess quic.Session, state quic.ConnState) {
 			c.Close(err)
 		}
 	case quic.ConnStateSecure:
-		c.encryptionLevel = protocol.EncryptionSecure
 		utils.Debugf("is secure")
+		// only save the encryption level if it is now higher than it was before
+		if c.encryptionLevel < protocol.EncryptionSecure {
+			c.encryptionLevel = protocol.EncryptionSecure
+		}
 		c.cryptoChangedCond.Broadcast()
 	case quic.ConnStateForwardSecure:
-		c.encryptionLevel = protocol.EncryptionForwardSecure
 		utils.Debugf("is forward secure")
+		c.encryptionLevel = protocol.EncryptionForwardSecure
 		c.cryptoChangedCond.Broadcast()
 	}
 	c.mutex.Unlock()

h2quic/client_test.go

@@ -104,6 +104,13 @@ var _ = Describe("Client", func() {
 		Expect(client.encryptionLevel).To(Equal(protocol.EncryptionForwardSecure))
 	})
 
+	It("sets the correct crypto level, if the ConnStateCallback is called in the wrong order", func() {
+		client.config.ConnState(session, quic.ConnStateForwardSecure)
+		Expect(client.encryptionLevel).To(Equal(protocol.EncryptionForwardSecure))
+		client.config.ConnState(session, quic.ConnStateSecure)
+		Expect(client.encryptionLevel).To(Equal(protocol.EncryptionForwardSecure))
+	})
+
 	Context("Doing requests", func() {
 		var request *http.Request
 		var dataStream *mockStream