From 1889b86561ee67696760111c6df5759c628430dc Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Tue, 30 Jul 2024 14:54:44 +0200 Subject: [PATCH] BUG/MEDIUM: ssl: 0-RTT initialized at the wrong place for AWS-LC Revert patch fcc8255 "MINOR: ssl_sock: Early data disabled during SSL_CTX switching (aws-lc)". The patch was done in the wrong callback which is never built for AWS-LC, and applies options on the SSL_CTX instead of the SSL, which should never be done elsewhere than in the configuration parsing. This was probably triggered by successfully linking haproxy against AWS-LC without using USE_OPENSSL_AWSLC. The patch also reintroduced SSL_CTX_set_early_data_enabled() in the ssl_quic_initial_ctx() and ssl_sock_initial_ctx(). So the initial_ctx does have the right setting, but it still needs to be applied to the selected SSL_CTX in the clienthello, because we need it on the selected SSL_CTX. Must be backported to 3.0. (ssl_clienthello.c part was in ssl_sock.c) --- src/quic_ssl.c | 2 ++ src/ssl_clienthello.c | 8 -------- src/ssl_sock.c | 2 ++ 3 files changed, 4 insertions(+), 8 deletions(-) diff --git a/src/quic_ssl.c b/src/quic_ssl.c index 79c56d3bb..73b19bfa1 100644 --- a/src/quic_ssl.c +++ b/src/quic_ssl.c @@ -452,6 +452,8 @@ int ssl_quic_initial_ctx(struct bind_conf *bind_conf) #if !defined(HAVE_SSL_0RTT_QUIC) ha_warning("Binding [%s:%d] for %s %s: 0-RTT with QUIC is not supported by this SSL library, ignored.\n", bind_conf->file, bind_conf->line, proxy_type_str(bind_conf->frontend), bind_conf->frontend->id); +#elif defined(OPENSSL_IS_BORINGSSL) || defined(USE_OPENSSL_AWSLC) + SSL_CTX_set_early_data_enabled(ctx, 1); #else SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY); SSL_CTX_set_max_early_data(ctx, 0xffffffff); diff --git a/src/ssl_clienthello.c b/src/ssl_clienthello.c index 9ada252ea..1d5b8fa1b 100644 --- a/src/ssl_clienthello.c +++ b/src/ssl_clienthello.c @@ -534,14 +534,6 @@ sni_lookup: return SSL_TLSEXT_ERR_ALERT_FATAL; } -#if defined(OPENSSL_IS_AWSLC) - /* Note that ssl_sock_switchctx_set() calls SSL_set_SSL_CTX() which propagates the - * "early data enabled" setting from the SSL_CTX object to the SSL objects. - * So enable early data for this SSL_CTX context if configured. - */ - if (s->ssl_conf.early_data) - SSL_CTX_set_early_data_enabled(container_of(node, struct sni_ctx, name)->ctx, 1); -#endif /* switch ctx */ ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx); HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock); diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 904aa3a75..91c0dec6e 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -3441,6 +3441,8 @@ ssl_sock_initial_ctx(struct bind_conf *bind_conf) # if defined(OPENSSL_IS_BORINGSSL) || defined(USE_OPENSSL_AWSLC) SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk); SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk); + if (bind_conf->ssl_conf.early_data) + SSL_CTX_set_early_data_enabled(ctx, 1); # elif defined(HAVE_SSL_CLIENT_HELLO_CB) # if defined(SSL_OP_NO_ANTI_REPLAY) if (bind_conf->ssl_conf.early_data)