mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-20 21:31:28 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MEDIUM: ssl: Fix a crash when using QUIC

Browse Source 
Commit 5ab9954faa9c815425fa39171ad33e75f4f7d56f introduced a new flag in
ssl_sock_ctx, to know that an ALPN was negociated, however, the way to
get the ssl_sock_ctx was wrong for QUIC. If we're using QUIC, get it
from the quic_conn.
This should fix crashes when attempting to use QUIC.
This commit is contained in:
Olivier Houchard 2025-09-10 11:40:32 +02:00 committed by Olivier Houchard
parent be86a69fe8
commit 1759c97255
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/ssl_sock.c
View File

@ -2179,13 +2179,17 @@ static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
{
struct ssl_bind_conf *conf = arg;
struct connection *conn;
struct ssl_sock_ctx *ctx;
struct ssl_sock_ctx *ctx = NULL;
#ifdef USE_QUIC
struct quic_conn *qc = SSL_get_ex_data(s, ssl_qc_app_data_index);
if (qc)
ctx = qc->xprt_ctx;
#endif
if (!ctx) {
conn = SSL_get_ex_data(s, ssl_app_data_index);
ctx = __conn_get_ssl_sock_ctx(conn);
}
if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
@ -2203,6 +2207,7 @@ static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
}
#endif
if (ctx)
ctx->flags |= SSL_SOCK_F_HAS_ALPN;
return SSL_TLSEXT_ERR_OK;
}