mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-11-30 15:21:04 +01:00
Code Issues Projects Releases Wiki Activity

MEDIUM: ssl: Don't restrict usage of early-data with no ALPN

Browse Source 
In ssl_sock_io_cb(), immediately create the mux if we received early
data even if we have not received an ALPN. At this point, if we have not
received the ALPN, we will not receive one anyway, so we can just use
the default mux (h1 when in mode HTTP, pt when in mode TCP).
That way, we can immediately process early data even if the client sent
not ALPN (which will happen if the client is haproxy with no ALPN on the
server line).
This commit is contained in:
Olivier Houchard 2025-11-19 18:34:07 +01:00 committed by Olivier Houchard
parent f6373a6ca8
commit 7ab7c8957f
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/ssl_sock.c
View File

@ -6852,9 +6852,7 @@ struct task *ssl_sock_io_cb(struct task *t, void *context, unsigned int state)
if ((ctx->conn->flags & CO_FL_ERROR) || if ((ctx->conn->flags & CO_FL_ERROR) ||
!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) !(ctx->conn->flags & CO_FL_SSL_WAIT_HS)
#ifdef SSL_READ_EARLY_DATA_SUCCESS #ifdef SSL_READ_EARLY_DATA_SUCCESS
|| (b_data(&ctx->early_buf) && (ctx->flags & SSL_SOCK_F_HAS_ALPN || || b_data(&ctx->early_buf)
(objt_listener(conn->target) &&
__objt_listener(conn->target)->bind_conf->mux_proto)))
#endif #endif
) { ) {
int woke = 0; int woke = 0;