mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-22 22:31:28 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: quic: Do not enable O-RTT with USE_QUIC_OPENSSL_COMPAT

Browse Source 
Modify ssl_quic_initial_ctx() to disable O-RTT when the QUIC OpenSSL wrapper was
enabled.
This commit is contained in:
Frédéric Lécaille 2023-06-02 16:51:43 +02:00
parent 780133548c
commit 85d763b11e
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/quic_conn.c
View File

@ -1444,7 +1444,9 @@ int ssl_quic_initial_ctx(struct bind_conf *bind_conf)
# if defined(SSL_OP_NO_ANTI_REPLAY) # if defined(SSL_OP_NO_ANTI_REPLAY)
if (bind_conf->ssl_conf.early_data) { if (bind_conf->ssl_conf.early_data) {
SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY); SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
#ifndef USE_QUIC_OPENSSL_COMPAT
SSL_CTX_set_max_early_data(ctx, 0xffffffff); SSL_CTX_set_max_early_data(ctx, 0xffffffff);
#endif
} }
# endif /* !SSL_OP_NO_ANTI_REPLAY */ # endif /* !SSL_OP_NO_ANTI_REPLAY */
SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL); SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);