fix(telegram): use permanent key only for CDN connections#1772
Merged
Conversation
CDN datacenters reject auth.bindTempAuthKey with CDN_METHOD_INVALID, so a CDN connection must authenticate with a permanent key only. With PFS enabled globally, CDN pools inherited EnablePFS and attempted the temp-key bind, tearing down the connection and breaking requests routed to a CDN DC (notably downloads following upload.fileCdnRedirect). Disable PFS for the CDN pool only; the primary and data connections keep PFS. Mirrors the official clients (tdlib get_pfs_flag = use_pfs && !is_cdn; android usePermKey = isCdnDatacenter || ...).
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #1772 +/- ##
==========================================
- Coverage 71.10% 71.06% -0.05%
==========================================
Files 501 501
Lines 23501 23502 +1
==========================================
- Hits 16711 16702 -9
- Misses 5569 5574 +5
- Partials 1221 1226 +5 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
With PFS enabled (
telegram.WithPFS/Options.EnablePFS), connecting to a CDN datacenter fails. After generating the permanent and temporary auth keys, the connection sendsauth.bindTempAuthKey, which a CDN DC rejects:The connection is then torn down, so any request routed to that CDN DC — in particular file downloads that follow an
upload.fileCdnRedirect— can never acquire a usable connection. It fails on the first chunk and on every retry.Root cause: the temporary-key bind is gated solely by the per-connection PFS flag (
mtproto.Options.EnablePFS). CDN pools are created from a copy of the client options and inherit that flag. The CDN connection mode (manager.ConnModeCDN) is already threaded through the rest of the connection setup (CDN public keys, skippinghelp.getConfig, separate sessions, no auth transfer), but it is not consulted at the bind decision — so a CDN connection still attemptsauth.bindTempAuthKey.Official client behavior
CDN datacenters are authenticated with a permanent key only; PFS / temp-key binding is intentionally disabled for them:
SessionMultiProxy::get_pfs_flag()returnsuse_pfs_ && !is_cdn_, soneed_send_bind_key()is always false andauth.bindTempAuthKeyis never sent on a CDN connection.usePermKey = isCdnDatacenter || perm || !PFS_ENABLEDand never starts a temp-key handshake for a CDN datacenter, so it never callsbindTempAuthKeythere.Fix
Disable PFS for CDN connections in
(*Client).dc. The CDN branch operates on a local copy of the options, so PFS stays enabled for the primary and data DCs — only CDN connections become permanent-key-only, matching the official clients.Test
TestClientCDNDisablesPFS: with PFS enabled globally, asserts that the options passed to a CDN connection haveEnablePFS == false.