mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-07 15:47:01 +02:00
Code Issues Projects Releases Wiki Activity

BUILD: quic: Fix build error when building QUIC against libressl.

Browse Source 
This previous commit was not sufficient to completely fix the building issue
in relation with the TLS stack 0-RTT support. LibreSSL was the last TLS
stack to refuse to compile because of undefined a QUIC specific function
for 0-RTT: SSL_set_quic_early_data_enabled().

To get rid of such compilation issues, define HA_OPENSSL_HAVE_0RTT_SUPPORT
only when building against TLS stack with 0-RTT support.

No need to backport.
This commit is contained in:
Frederic Lecaille 2024-01-24 15:37:40 +01:00
parent 40f9902388
commit ab75d89e07
2 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
include/haproxy/openssl-compat.h
View File

@ -48,6 +48,11 @@
#include <haproxy/quic_openssl_compat.h> #include <haproxy/quic_openssl_compat.h>
#endif #endif
/* At this time, wolfssl, libressl and the openssl QUIC compatibility do not support 0-RTT */
#if !defined(USE_QUIC_OPENSSL_COMPAT) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(USE_OPENSSL_WOLFSSL)
#define HA_OPENSSL_HAVE_0RTT_SUPPORT
#endif
#if defined(LIBRESSL_VERSION_NUMBER) #if defined(LIBRESSL_VERSION_NUMBER)
/* LibreSSL is a fork of OpenSSL 1.0.1g but pretends to be 2.0.0, thus /* LibreSSL is a fork of OpenSSL 1.0.1g but pretends to be 2.0.0, thus
* systematically breaking when some code is written for a specific version * systematically breaking when some code is written for a specific version

8
src/quic_ssl.c
View File

@ -735,7 +735,7 @@ static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl)
return ret; return ret;
} }
#if !defined(USE_QUIC_OPENSSL_COMPAT) && !defined(USE_OPENSSL_WOLFSSL) #ifdef HA_OPENSSL_HAVE_0RTT_SUPPORT
/* Enable early data for <ssl> QUIC TLS session. /* Enable early data for <ssl> QUIC TLS session.
* Return 1 if succeeded, 0 if not. * Return 1 if succeeded, 0 if not.
@ -770,7 +770,7 @@ static int qc_set_quic_early_data_enabled(struct quic_conn *qc, SSL *ssl)
return 1; return 1;
} }
#endif // USE_QUIC_OPENSSL_COMPAT #endif // HA_OPENSSL_HAVE_0RTT_SUPPORT
/* Allocate the ssl_sock_ctx from connection <qc>. This creates the tasklet /* Allocate the ssl_sock_ctx from connection <qc>. This creates the tasklet
* used to process <qc> received packets. The allocated context is stored in * used to process <qc> received packets. The allocated context is stored in
@ -807,12 +807,10 @@ int qc_alloc_ssl_sock_ctx(struct quic_conn *qc)
if (qc_is_listener(qc)) { if (qc_is_listener(qc)) {
if (qc_ssl_sess_init(qc, bc->initial_ctx, &ctx->ssl) == -1) if (qc_ssl_sess_init(qc, bc->initial_ctx, &ctx->ssl) == -1)
goto err; goto err;
#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) #if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) && defined(HA_OPENSSL_HAVE_0RTT_SUPPORT)
#if !defined(USE_QUIC_OPENSSL_COMPAT) && !defined(USE_OPENSSL_WOLFSSL)
/* Enabling 0-RTT */ /* Enabling 0-RTT */
if (bc->ssl_conf.early_data && !qc_set_quic_early_data_enabled(qc, ctx->ssl)) if (bc->ssl_conf.early_data && !qc_set_quic_early_data_enabled(qc, ctx->ssl))
goto err; goto err;
#endif
#endif #endif
SSL_set_accept_state(ctx->ssl); SSL_set_accept_state(ctx->ssl);