alibaba / xquic

XQUIC Library released by Alibaba is a cross-platform implementation of QUIC and HTTP/3 protocol.
Apache License 2.0

test_client cannot connect with nginx-quic because of validate token failed #88

Closed innocenceman closed 2 years ago

innocenceman commented 2 years ago

Discussed in https://github.com/alibaba/xquic/discussions/87

Originally posted by **innocenceman** February 16, 2022

What happened?

xquic client connect to **nginx-quic** failed, and there is an error "**_quic garbage token while handling initial packet_**" in error.log. xquic was built with boringssl, and the client is test_client; the client shows "conn errno:11" in the end.

Steps To Reproduce

Download nginx-quic with version [release-1.21.6](https://hg.nginx.org/nginx-quic/rev/release-1.21.6), build and install it, and run nginx with nginx.conf: "listen 8443 http3 reuseport".

Use test_client (command line: `./test_client -a xxx.xxx.xxx.xxx -p xxxx -G -l e -u https://www.xxxxx.com/`) to request the nginx-quic server.

Thanks.

xquic.zip

Kulsk commented 2 years ago

How was the token generated? If it was not generated by nginx-quic, that might happen, and the token shall be deleted before connecting to another implementation, as well as the transport parameter and the session ticket.

innocenceman commented 2 years ago

I don't know how the token was generated. Is xquic doing that in the handshake? It looks like it was not generated by nginx-quic. And when I use the chromium client (quic_client) to connect to nginx-quic, it is OK. Is there something wrong with how I use xquic?

Kulsk commented 2 years ago

> I don't know how the token was generated. Is xquic doing that in the handshake? It looks like it was not generated by nginx-quic. And when I use the chromium client (quic_client) to connect to nginx-quic, it is OK. Is there something wrong with how I use xquic?

The token was generated during the previous connection, with a NEW_TOKEN frame from the server. xquic has its own way to generate a NEW_TOKEN, and it is not compatible with other implementations. I think you might have connected to test_server before and then used xquic's NEW_TOKEN in the connection to the nginx-quic server.

innocenceman commented 2 years ago

> The token was generated during the previous connection, with a NEW_TOKEN frame from the server. xquic has its own way to generate a NEW_TOKEN, and it is not compatible with other implementations. I think you might have connected to test_server before and then used xquic's NEW_TOKEN in the connection to the nginx-quic server.

Yes, I had connected with test_server before nginx-quic, and I found the "xqc_token" file in the root directory. When I deleted it, the connection to nginx-quic succeeded. Thank you for your answer.

And there is another question: is the xquic token format standard? Why is it incompatible with other software? Is there a document to learn about it?

innocenceman commented 2 years ago

> xquic has its own way to generate a NEW_TOKEN, and it is not compatible with other implementations

I think there should be a note here in Testing-zh.md or some other file. It will cause problems for other users.

Kulsk commented 2 years ago

it's noted in Troubleshooting-zh.md, but your idea is much better

Kulsk commented 2 years ago

NEW_TOKEN and Retry tokens are not defined by RFC 9000; implementations will define their own tokens.

8.1.1. Token Construction

A token sent in a NEW_TOKEN frame or a Retry packet MUST be constructed in a way that allows the server to identify how it was provided to a client. These tokens are carried in the same field but require different handling from servers.

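The failure in this thread came from a cached NEW_TOKEN being presented to a server that did not issue it. The following is an added example, not xquic's code: it stores the token together with the server that issued it and returns no token for any other server. The record layout, the function names `token_save` / `token_load` and the "host:port" origin string are all hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TOKEN_LEN  256   /* assumed bound for this example */
#define MAX_ORIGIN_LEN 128
/* Hypothetical cache record: the issuing server plus the opaque token. */
typedef struct {
    char          origin[MAX_ORIGIN_LEN];  /* "host:port" that sent NEW_TOKEN */
    size_t        len;
    unsigned char token[MAX_TOKEN_LEN];
} token_record_t;

/* Save a token received in a NEW_TOKEN frame together with its issuer. */
int token_save(const char *path, const char *origin,
               const unsigned char *token, size_t len)
{
    token_record_t rec;
    if (len == 0 || len > MAX_TOKEN_LEN || strlen(origin) >= MAX_ORIGIN_LEN)
        return -1;
    memset(&rec, 0, sizeof(rec));
    strcpy(rec.origin, origin);           /* length checked above */
    rec.len = len;
    memcpy(rec.token, token, len);
    FILE *fp = fopen(path, "wb");
    if (fp == NULL)
        return -1;
    size_t n = fwrite(&rec, sizeof(rec), 1, fp);
    return (fclose(fp) == 0 && n == 1) ? 0 : -1;
}

/* Return the token length to send in the Initial packet, or 0 when the cache
 * is missing, malformed, or holds a token issued by a different server. */
size_t token_load(const char *path, const char *origin,
                  unsigned char *out, size_t cap)
{
    token_record_t rec;
    FILE *fp = fopen(path, "rb");
    if (fp == NULL)
        return 0;
    size_t n = fread(&rec, sizeof(rec), 1, fp);
    fclose(fp);
    if (n != 1 || rec.len == 0 || rec.len > MAX_TOKEN_LEN || rec.len > cap)
        return 0;
    rec.origin[MAX_ORIGIN_LEN - 1] = '\0';
    if (strcmp(rec.origin, origin) != 0)
        return 0;                         /* other server: send no token */
    memcpy(out, rec.token, rec.len);
    return rec.len;
}
```

A return value of 0 means the client sends its Initial packet with an empty token, which any server accepts as a fresh connection attempt.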