BUG/MEDIUM: ssl: Don't attempt to use early data with libressl.

LibreSSL doesn't yet provide early data, so don't set the CO_FL_EARLY_SSL_HS
flag on the connection if we're building with LibreSSL, or the handshake will
never complete.
Olivier Houchard 2019-05-06 15:18:27 +02:00
parent 6c06815751
commit 4cd2af4e5d
2 changed files with 5 additions and 2 deletions


@ -1582,7 +1582,9 @@ int connect_server(struct stream *s)
}
#ifdef USE_OPENSSL
#if USE_OPENSSL && (defined(OPENSSL_IS_BORINGSSL) || \
((OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)))
if (!reuse && cli_conn && srv &&
(srv->ssl_ctx.options & SRV_SSL_O_EARLY_DATA) &&
/* Only attempt to use early data if either the client sent
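Review bot: The combined guard `#if USE_OPENSSL && (...)` tests the macro by value, whereas the `#ifdef USE_OPENSSL` line shown just above it only required the macro to be defined. If a build ever defines USE_OPENSSL with an empty value, the new line no longer preprocesses. Writing it as `#if defined(USE_OPENSSL) && (defined(OPENSSL_IS_BORINGSSL) || \` keeps the earlier semantics. The page drops the +/- markers and appears to cut the hunk short, so this assumes the `#ifdef` line is the removed one; connect_server also continues outside the hunk.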


@ -5336,7 +5336,8 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
/* leave init state and start handshake */
conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
#if OPENSSL_VERSION_NUMBER >= 0x10101000L || defined(OPENSSL_IS_BORINGSSL)
#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)) || \
defined(OPENSSL_IS_BORINGSSL)
conn->flags |= CO_FL_EARLY_SSL_HS;
#endif
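Review bot: The early-data capability test is now spelled out twice, here in front of `conn->flags |= CO_FL_EARLY_SSL_HS;` and in the connect_server guard, with the operands in a different order. Per the commit message, setting the flag when the library cannot do early data leaves the handshake unfinished, so the two conditions must not drift apart when the next library variant or version is added. Defining the predicate once in a shared header (placeholder name `<EARLY_DATA_SUPPORTED>`) and testing that macro in both places would remove the risk. A short comment above the guard would also record the reason, e.g. `/* LibreSSL has no early data: never set CO_FL_EARLY_SSL_HS there, the handshake would not complete */`. ssl_sock_init continues outside the hunk.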