BUG/MEDIUM: quic: Crash after QUIC server callbacks restoration (OpenSSL 3.5)

Revert this patch, which is no longer useful since OpenSSL 3.5.1, to remove the
QUIC server callback restoration after the SSL context switch:

    MINOR: quic: OpenSSL 3.5 internal QUIC custom extension for transport parameters reset

It was required for 3.5.0. That said, there was no CI for OpenSSL 3.5 at the date
of this commit. The CI recently revealed that the QUIC server side could crash
during QUIC reg tests just after having restored the callbacks as implemented by
the commit above.

Also revert this commit which is no more useful because it arrived with the commit
above:

	BUG/MEDIUM: quic: SSL/TCP handshake failures with OpenSSL 3.

Must be backported to 3.2.
Frederic Lecaille 2025-07-09 11:43:02 +02:00
parent c01eb1040e
commit 45ac235baa
4 changed files with 2 additions and 22 deletions


@ -37,7 +37,6 @@ int ssl_quic_initial_ctx(struct bind_conf *bind_conf);
SSL_CTX *ssl_quic_srv_new_ssl_ctx(void);
int qc_alloc_ssl_sock_ctx(struct quic_conn *qc, struct connection *conn);
int qc_ssl_provide_all_quic_data(struct quic_conn *qc, struct ssl_sock_ctx *ctx);
int quic_ssl_set_tls_cbs(SSL *ssl);
static inline void qc_free_ssl_sock_ctx(struct ssl_sock_ctx **ctx)
{


@ -1121,14 +1121,8 @@ int qc_ssl_provide_all_quic_data(struct quic_conn *qc, struct ssl_sock_ctx *ctx)
}
/* Simple helper to set the specifig OpenSSL/quictls QUIC API callbacks */
int quic_ssl_set_tls_cbs(SSL *ssl)
static int quic_ssl_set_tls_cbs(SSL *ssl)
{
struct quic_conn *qc = SSL_get_ex_data(ssl, ssl_qc_app_data_index);
/* Ignore the TCP connections */
if (!qc)
return 1;
#ifdef HAVE_OPENSSL_QUIC
return SSL_set_quic_tls_cbs(ssl, ha_quic_dispatch, NULL);
#else
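Review bot: Now that quic_ssl_set_tls_cbs() is file-local, its header comment should state the contract the body relies on: when no quic_conn is attached to the SSL object (the `!qc` branch) it returns 1 without touching the object, so a caller cannot distinguish a TCP no-op from a successful SSL_set_quic_tls_cbs() call. Suggest replacing the comment line with `/* Set the specific OpenSSL/quictls QUIC API callbacks on <ssl>. Returns 1 unchanged for non-QUIC (TCP) SSL objects, otherwise the SSL_set_quic_tls_cbs() result. */`, which also fixes the "specifig" typo. The function body continues outside the hunk (the #else branch is not visible), so the return value of that branch should be documented as well once confirmed.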


@ -29,9 +29,6 @@ static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
SSL_set_SSL_CTX(ssl, ctx);
#if defined(USE_QUIC) && defined(HAVE_OPENSSL_QUIC)
quic_ssl_set_tls_cbs(ssl);
#endif
}
/*
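Review bot: After this revert, `SSL_set_SSL_CTX(ssl, ctx);` is the last statement of ssl_sock_switchctx_set() and nothing re-applies the QUIC TLS callbacks, yet the reason this is safe (the restoration is no longer needed from OpenSSL 3.5.1, per the commit message) is recorded nowhere in the code. A reader building against 3.5.0 gets no hint that the callbacks may be lost on the context switch. Suggest a comment on that line such as `/* QUIC: no TLS callback restoration needed after the context switch; requires OpenSSL >= 3.5.1 (see commit 45ac235baa) */`, or, if 3.5.0 builds are not meant to be supported at all, a compile-time check on OPENSSL_VERSION_NUMBER where HAVE_OPENSSL_QUIC is derived. The same applies to the SSL_set_SSL_CTX() call sites in ssl_sock_assign_generated_cert() and ssl_sock_generate_certificate() in the last file section.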


@ -285,12 +285,8 @@ SSL_CTX *ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind
HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_ckch->cert, 0);
if (lru && lru->domain) {
if (ssl) {
if (ssl)
SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
#if defined(USE_QUIC) && defined(HAVE_OPENSSL_QUIC)
quic_ssl_set_tls_cbs(ssl);
#endif
}
HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
return (SSL_CTX *)lru->data;
}
@ -359,18 +355,12 @@ int ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind
lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
}
SSL_set_SSL_CTX(ssl, ssl_ctx);
#if defined(USE_QUIC) && defined(HAVE_OPENSSL_QUIC)
quic_ssl_set_tls_cbs(ssl);
#endif
HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
return 1;
}
else {
ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
SSL_set_SSL_CTX(ssl, ssl_ctx);
#if defined(USE_QUIC) && defined(HAVE_OPENSSL_QUIC)
quic_ssl_set_tls_cbs(ssl);
#endif
/* No LRU cache, this CTX will be released as soon as the session dies */
SSL_CTX_free(ssl_ctx);
return 1;