MINOR: ssl: Add a flag to let it known we have an ALPN negociated

Add a new flag to the ssl_sock_ctx, to be set as soon as the ALPN has been negociated. This happens before the handshake has been completed, and that information will let us know that, when we receive early data, if the ALPN has been negociated, then we can immediately create a mux, as the ALPN will tell us which mux to use.
2025-09-20 21:31:28 +02:00 · 2025-09-05 17:48:33 +02:00 · 2025-09-05 17:48:33 +02:00 · 5ab9954faa
commit 5ab9954faa
parent 6b78af837d
2 changed files with 9 additions and 0 deletions
--- a/include/haproxy/ssl_sock-t.h
+++ b/include/haproxy/ssl_sock-t.h
@ -254,6 +254,7 @@ struct ssl_keylog {
 #define SSL_SOCK_F_KTLS_SEND            (1 << 2) /* kTLS send is configured on that socket */
 #define SSL_SOCK_F_KTLS_RECV            (1 << 3) /* kTLS receive is configure on that socket */
 #define SSL_SOCK_F_CTRL_SEND            (1 << 4) /* We want to send a kTLS control message for that socket */
+#define SSL_SOCK_F_HAS_ALPN             (1 << 5) /* An ALPN has been negociated */

 struct ssl_sock_ctx {
 	struct connection *conn;
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -2178,6 +2178,13 @@ static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
                                          unsigned int server_len, void *arg)
 {
 	struct ssl_bind_conf *conf = arg;
+	struct connection *conn;
+	struct ssl_sock_ctx *ctx;
+
+	conn = SSL_get_ex_data(s, ssl_app_data_index);
+	ctx = __conn_get_ssl_sock_ctx(conn);
+
+
 #ifdef USE_QUIC
 	struct quic_conn *qc = SSL_get_ex_data(s, ssl_qc_app_data_index);
 #endif
@ -2198,6 +2205,7 @@ static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
 	}
 #endif

+	ctx->flags |= SSL_SOCK_F_HAS_ALPN;
 	return SSL_TLSEXT_ERR_OK;
 }
 #endif