From 5ab9954faa9c815425fa39171ad33e75f4f7d56f Mon Sep 17 00:00:00 2001
From: Olivier Houchard
Date: Fri, 5 Sep 2025 17:48:33 +0200
Subject: [PATCH] MINOR: ssl: Add a flag to let it known we have an ALPN negociated

Add a new flag to the ssl_sock_ctx, to be set as soon as the ALPN has been negociated. This happens before the handshake has been completed, and that information will let us know that, when we receive early data, if the ALPN has been negociated, then we can immediately create a mux, as the ALPN will tell us which mux to use.
---
 include/haproxy/ssl_sock-t.h | 1 +
 src/ssl_sock.c | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/include/haproxy/ssl_sock-t.h b/include/haproxy/ssl_sock-t.h
index 8bbbdd71c..d8c261388 100644
--- a/include/haproxy/ssl_sock-t.h
+++ b/include/haproxy/ssl_sock-t.h
@@ -254,6 +254,7 @@ struct ssl_keylog {
 #define SSL_SOCK_F_KTLS_SEND (1 << 2) /* kTLS send is configured on that socket */
 #define SSL_SOCK_F_KTLS_RECV (1 << 3) /* kTLS receive is configure on that socket */
 #define SSL_SOCK_F_CTRL_SEND (1 << 4) /* We want to send a kTLS control message for that socket */
+#define SSL_SOCK_F_HAS_ALPN (1 << 5) /* An ALPN has been negociated */
 
 struct ssl_sock_ctx {
 struct connection *conn;
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 8d6e5b000..531bc9330 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2178,6 +2178,13 @@ static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
 unsigned int server_len, void *arg)
 {
 struct ssl_bind_conf *conf = arg;
+ struct connection *conn;
+ struct ssl_sock_ctx *ctx;
+
+ conn = SSL_get_ex_data(s, ssl_app_data_index);
+ ctx = __conn_get_ssl_sock_ctx(conn);
+
+
 #ifdef USE_QUIC
 struct quic_conn *qc = SSL_get_ex_data(s, ssl_qc_app_data_index);
 #endif
@@ -2198,6 +2205,7 @@ static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
 }
 #endif
 
+ ctx->flags |= SSL_SOCK_F_HAS_ALPN;
 return SSL_TLSEXT_ERR_OK;
 }
 #endif
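Review bot: In the first src/ssl_sock.c hunk, `ctx = __conn_get_ssl_sock_ctx(conn);` uses whatever `SSL_get_ex_data(s, ssl_app_data_index)` returned without a NULL check, and the last hunk then writes `ctx->flags` unconditionally. The same callback also fetches a `quic_conn` from `ssl_qc_app_data_index` under USE_QUIC, which suggests it is shared with QUIC handshakes where there may be no `struct connection` or `ssl_sock_ctx` behind the SSL object; if so, a NULL dereference during ALPN selection would take the process down from inside the handshake. I would guard both sites, e.g. `ctx = conn ? __conn_get_ssl_sock_ctx(conn) : NULL;` and `if (ctx) ctx->flags |= SSL_SOCK_F_HAS_ALPN;`. The two assignments also sit ahead of the `struct quic_conn *qc = ...` declaration, so USE_QUIC builds get a declaration after a statement; moving them below that `#endif` avoids it. The function body starts and ends outside these hunks, so the QUIC path should be confirmed against the full function.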