From 64da1a731fee5b78afb72471fff69612381e8b95 Mon Sep 17 00:00:00 2001
From: swananan <jt26wzz@gmail.com>
Date: Sun, 29 Jun 2025 01:17:21 +0800
Subject: [PATCH] bugfix: improve HTTP/3 SSL Lua callback yield handling

---
 .../nginx-1.27.1-quic_ssl_lua_yield.patch     | 52 +++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 patches/nginx/1.27.1/nginx-1.27.1-quic_ssl_lua_yield.patch

diff --git a/patches/nginx/1.27.1/nginx-1.27.1-quic_ssl_lua_yield.patch b/patches/nginx/1.27.1/nginx-1.27.1-quic_ssl_lua_yield.patch
new file mode 100644
index 0000000..a23a000
--- /dev/null
+++ b/patches/nginx/1.27.1/nginx-1.27.1-quic_ssl_lua_yield.patch
@@ -0,0 +1,52 @@
+diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c
+index c03b1d003..ffb21490c 100644
+--- a/src/event/quic/ngx_event_quic.c
++++ b/src/event/quic/ngx_event_quic.c
+@@ -14,7 +14,6 @@ static ngx_quic_connection_t *ngx_quic_new_connection(ngx_connection_t *c,
+     ngx_quic_conf_t *conf, ngx_quic_header_t *pkt);
+ static ngx_int_t ngx_quic_handle_stateless_reset(ngx_connection_t *c,
+     ngx_quic_header_t *pkt);
+-static void ngx_quic_input_handler(ngx_event_t *rev);
+ static void ngx_quic_close_handler(ngx_event_t *ev);
+ 
+ static ngx_int_t ngx_quic_handle_datagram(ngx_connection_t *c, ngx_buf_t *b,
+@@ -392,7 +391,7 @@ ngx_quic_handle_stateless_reset(ngx_connection_t *c, ngx_quic_header_t *pkt)
+ }
+ 
+ 
+-static void
++void
+ ngx_quic_input_handler(ngx_event_t *rev)
+ {
+     ngx_int_t               rc;
+diff --git a/src/event/quic/ngx_event_quic.h b/src/event/quic/ngx_event_quic.h
+index 15201671d..d182e8ed0 100644
+--- a/src/event/quic/ngx_event_quic.h
++++ b/src/event/quic/ngx_event_quic.h
+@@ -125,5 +125,6 @@ ngx_int_t ngx_quic_get_packet_dcid(ngx_log_t *log, u_char *data, size_t len,
+     ngx_str_t *dcid);
+ ngx_int_t ngx_quic_derive_key(ngx_log_t *log, const char *label,
+     ngx_str_t *secret, ngx_str_t *salt, u_char *out, size_t len);
++void ngx_quic_input_handler(ngx_event_t *rev);
+ 
+ #endif /* _NGX_EVENT_QUIC_H_INCLUDED_ */
+diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
+index ba0b5929f..1993449ae 100644
+--- a/src/event/quic/ngx_event_quic_ssl.c
++++ b/src/event/quic/ngx_event_quic_ssl.c
+@@ -424,7 +424,14 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data,
+         ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d",
+                        sslerr);
+ 
+-        if (sslerr != SSL_ERROR_WANT_READ) {
++        if (sslerr != SSL_ERROR_WANT_READ
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++            && sslerr != SSL_ERROR_WANT_X509_LOOKUP
++#endif
++#ifdef SSL_ERROR_WANT_CLIENT_HELLO_CB
++            && sslerr != SSL_ERROR_WANT_CLIENT_HELLO_CB
++#endif
++        ) {
+ 
+             if (c->ssl->handshake_rejected) {
+                 ngx_connection_error(c, 0, "handshake rejected");