diff --git a/include/haproxy/quic_ssl.h b/include/haproxy/quic_ssl.h
index d19020213..d8f25fb65 100644
--- a/include/haproxy/quic_ssl.h
+++ b/include/haproxy/quic_ssl.h
@@ -37,6 +37,7 @@ int ssl_quic_initial_ctx(struct bind_conf *bind_conf);
 SSL_CTX *ssl_quic_srv_new_ssl_ctx(void);
 int qc_alloc_ssl_sock_ctx(struct quic_conn *qc, struct connection *conn);
 int qc_ssl_provide_all_quic_data(struct quic_conn *qc, struct ssl_sock_ctx *ctx);
+int qc_ssl_do_hanshake(struct quic_conn *qc, struct ssl_sock_ctx *ctx);
 static inline void qc_free_ssl_sock_ctx(struct ssl_sock_ctx **ctx)
 {
diff --git a/src/quic_conn.c b/src/quic_conn.c
index 0e377bc5c..2358073a7 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -785,7 +785,11 @@ struct task *quic_conn_io_cb(struct task *t, void *context, unsigned int state)
 /* TASK_HEAVY is set when received CRYPTO data have to be handled. */
 if (HA_ATOMIC_LOAD(&tl->state) & TASK_HEAVY) {
+#ifdef HAVE_OPENSSL_QUIC
+ qc_ssl_do_hanshake(qc, qc->xprt_ctx);
+#else
 qc_ssl_provide_all_quic_data(qc, qc->xprt_ctx);
+#endif
 HA_ATOMIC_AND(&tl->state, ~TASK_HEAVY);
 }
diff --git a/src/quic_ssl.c b/src/quic_ssl.c
index e603b6dad..b34cbf216 100644
--- a/src/quic_ssl.c
+++ b/src/quic_ssl.c
@@ -850,7 +850,7 @@ static forceinline void qc_ssl_dump_errors(struct connection *conn)
 * connection for servers or start the mux for clients.
 * Return 1 if succeeded, 0 if not.
 */
-static int qc_ssl_do_hanshake(struct quic_conn *qc, struct ssl_sock_ctx *ctx)
+int qc_ssl_do_hanshake(struct quic_conn *qc, struct ssl_sock_ctx *ctx)
 {
 int ret, ssl_err, state;
@@ -1041,6 +1041,7 @@ static int qc_ssl_do_hanshake(struct quic_conn *qc, struct ssl_sock_ctx *ctx)
 goto leave;
 }
+#ifndef HAVE_OPENSSL_QUIC
 /* Provide CRYPTO data to the TLS stack found at with as length
 * from encryption level with as QUIC connection context.
 * Remaining parameter are there for debugging purposes.
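Review bot: In include/haproxy/quic_ssl.h the prototype of qc_ssl_provide_all_quic_data() stays unconditional, while this commit puts its definition in src/quic_ssl.c inside `#ifndef HAVE_OPENSSL_QUIC` (the hunks at -1041 and -1141). A caller added later in a HAVE_OPENSSL_QUIC build would compile cleanly and fail only at link time; wrapping the prototype in the same `#ifndef HAVE_OPENSSL_QUIC` / `#endif` pair would surface that mistake at compile time. The newly exported name also carries the `hanshake` spelling into a shared header, where a later rename touches more files than it would today.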
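Review bot: In the quic_conn_io_cb() hunk of src/quic_conn.c the result of `qc_ssl_do_hanshake(qc, qc->xprt_ctx);` is discarded, although the function's header comment in src/quic_ssl.c says it returns 0 on failure. TASK_HEAVY is cleared whatever the outcome, so whether a failed handshake step ends the connection depends on state set inside the callee, which this diff does not show. The `#else` branch ignores its return value as well, so this matches the existing behaviour; if that is deliberate, a comment at the call such as `/* return value unused: failures are handled inside the callee */` would say so, and if it is not, the call should be checked. The body of quic_conn_io_cb() continues outside the hunk.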
@@ -1061,13 +1062,11 @@ static int qc_ssl_provide_quic_data(struct ncbuf *ncbuf,
 TRACE_ENTER(QUIC_EV_CONN_SSLDATA, qc);
-#ifndef HAVE_OPENSSL_QUIC
 if (SSL_provide_quic_data(ctx->ssl, level, data, len) != 1) {
 TRACE_ERROR("SSL_provide_quic_data() error", QUIC_EV_CONN_SSLDATA, qc, NULL, NULL, ctx->ssl);
 goto leave;
 }
-#endif
 if (!qc_ssl_do_hanshake(qc, ctx)) goto leave;
@@ -1141,6 +1140,7 @@ int qc_ssl_provide_all_quic_data(struct quic_conn *qc, struct ssl_sock_ctx *ctx)
 TRACE_LEAVE(QUIC_EV_CONN_PHPKTS, qc);
 return ret;
 }
+#endif
 /* Simple helper to set the specific OpenSSL/quictls QUIC API callbacks */
 static int quic_ssl_set_tls_cbs(SSL *ssl)
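Review bot: The `#endif` added after qc_ssl_provide_all_quic_data() closes the `#ifndef HAVE_OPENSSL_QUIC` opened roughly a hundred lines earlier (the hunk at -1041), and nothing on the line says which condition it ends. Writing it as `#endif /* !HAVE_OPENSSL_QUIC */` would let a reader see that qc_ssl_provide_quic_data() and qc_ssl_provide_all_quic_data() are excluded from HAVE_OPENSSL_QUIC builds without scrolling back to the opening directive.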