BUG/MINOR: ech/quic: enable ech configuration also for quic listeners

Patch dba4fd24 ("MEDIUM: ssl/ech: config and load keys") introduced
ECH configuration for bind lines, but the QUIC configuration parser
still does not share its code with the TCP/TLS one, so the ECH
init for QUIC was missed.

Must be backported in 3.3.
akarl10 2026-01-01 14:32:56 +01:00 committed by William Lallemand
parent 6e1718ce4b
commit a203ce6854


@ -10,6 +10,9 @@
#include <haproxy/ssl_sock.h>
#include <haproxy/stats.h>
#include <haproxy/trace.h>
#ifdef USE_ECH
#include <haproxy/ech.h>
#endif
DECLARE_TYPED_POOL(pool_head_quic_ssl_sock_ctx, "quic_ssl_sock_ctx", struct ssl_sock_ctx);
const char *default_quic_ciphersuites = "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384"
@ -810,6 +813,20 @@ int ssl_quic_initial_ctx(struct bind_conf *bind_conf)
cfgerr++;
#endif
#ifdef USE_ECH
if (bind_conf->ssl_conf.ech_filedir) {
int loaded = 0;
if (load_echkeys(ctx, bind_conf->ssl_conf.ech_filedir, &loaded) != 1) {
cfgerr += 1;
ha_alert("Proxy '%s': failed to load ECH key s from %s for '%s' at [%s:%d].\n",
bind_conf->frontend->id, bind_conf->ssl_conf.ech_filedir,
bind_conf->arg, bind_conf->file, bind_conf->line);
}
}
#endif
return cfgerr;
}
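Review bot: `loaded` is handed to load_echkeys() in the new USE_ECH block of ssl_quic_initial_ctx() but never read afterwards, so if load_echkeys() can return 1 without loading any key (its body is not shown here), an empty or mistyped `ech` directory looks the same as a working one. The QUIC listener would then start without ECH while the operator believes the SNI is protected; consider adding `else if (!loaded) ha_warning("Proxy '%s': no ECH key loaded from %s.\n", bind_conf->frontend->id, bind_conf->ssl_conf.ech_filedir);` after the failure branch. The alert text also reads "ECH key s" with a stray space, and because this block duplicates the TCP/TLS path (per the commit message), a shared helper called from both init functions would keep the two listeners from drifting apart again. The function body starts outside the hunk.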