From 54eeda4b012be96dcc8c46a47fa69e9d48607393 Mon Sep 17 00:00:00 2001 From: Frederic Lecaille Date: Tue, 4 Nov 2025 10:06:13 +0100 Subject: [PATCH] BUG/MINOR: quic-be: backend SSL session reuse fix (OpenSSL 3.5) This bug impacts only the QUIC backends when haproxy is compiled against OpenSSL 3.5 with QUIC API(HAVE_OPENSSL_QUIC). The QUIC clients could not reuse their SSL session because the TLS tickets received from the servers could not be provided to the TLS stack. This should be done when the stack calls ha_quic_ossl_crypto_recv_rcd() (OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_RECV_RCD callback). According to OpenSSL team, an SSL_read() call must be done after the handshake completion. It seems the correct location is at the same level as for SSL_process_quic_post_handshake() for quictls. Thank you to @mattcaswell, @Sashan and @vdukhovni for having helped in solving this issue. Must be backported to 3.1 --- src/quic_ssl.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/quic_ssl.c b/src/quic_ssl.c index 22f0d04ab..45915773b 100644 --- a/src/quic_ssl.c +++ b/src/quic_ssl.c @@ -1072,6 +1072,13 @@ int qc_ssl_do_hanshake(struct quic_conn *qc, struct ssl_sock_ctx *ctx) TRACE_STATE("SSL post handshake succeeded", QUIC_EV_CONN_IO_CB, qc, &state); } +#else + else { + /* Poke to SSL state engine to give TLS record layer chance to handle + * session tickets. + */ + SSL_read(ctx->ssl, NULL, 0); + } #endif out:
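Review bot: in the new `#else` branch the return value of `SSL_read(ctx->ssl, NULL, 0)` is discarded, so a fatal TLS error raised while the record layer processes the post-handshake data (for example a bad NewSessionTicket) goes unnoticed, whereas the quictls branch just above it reports its outcome with `TRACE_STATE("SSL post handshake succeeded", ...)`. Consider capturing the result, and when it is <= 0 calling `SSL_get_error()` to distinguish the expected `SSL_ERROR_WANT_READ` (no record available yet) from a real `SSL_ERROR_SSL`, emitting a TRACE in the error case so that a broken ticket exchange is visible in the connection traces rather than silently leaving the session non-resumable, which is exactly the symptom this patch fixes. Minor: the comment reads awkwardly; "Poke the SSL state machine to give the TLS record layer a chance to handle session tickets." is clearer, and it would help to state there that a zero-length read is intentional and why the return value is (or is not) ignored.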