MINOR: quic+openssl_compat: Emit an alert for "allow-0rtt" option

QUIC 0-RTT is not supported when haproxy is linked against a TLS stack with
limited QUIC support (OpenSSL).

Modify the "allow-0rtt" option callback to make it emit a warning if set on
a QUIC listener "bind" line.
Frdric Lcaille 2023-08-17 10:53:34 +02:00 committed by Willy Tarreau
parent 0e13325f23
commit 2677dc1c32


@ -1089,8 +1089,13 @@ static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px,
static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err) static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
{ {
#ifdef USE_QUIC_OPENSSL_COMPAT
memprintf(err, "'%s' : 0-RTT is not supported in limited QUIC compatibility mode, ignored.", args[cur_arg]);
return ERR_WARN;
#else
conf->ssl_conf.early_data = 1; conf->ssl_conf.early_data = 1;
return 0; return 0;
#endif
} }
/* parse the "npn" bind keyword */ /* parse the "npn" bind keyword */
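Review bot: The `#ifdef USE_QUIC_OPENSSL_COMPAT` branch replaces the whole body of bind_parse_allow_0rtt(), so in such a build every "bind" line carrying allow-0rtt gets the warning and never reaches `conf->ssl_conf.early_data = 1;`, whereas the commit message limits the change to QUIC listeners. If this callback also serves TLS-over-TCP bind lines (it looks like the generic keyword handler, but that is not visible here), 0-RTT would be turned off for them too, with a message that blames QUIC compatibility mode. Failing towards no early data is the safe direction with respect to replay, but the scope should be explicit: either test that `conf` describes a QUIC listener before returning `ERR_WARN` and keep the assignment otherwise, or state the build-wide effect in a comment such as `/* with USE_QUIC_OPENSSL_COMPAT, allow-0rtt is ignored on every bind line */`.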