From ad3c07ae8188f3fce52bb838954ec638781d1506 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?=
Date: Tue, 14 Dec 2021 19:23:43 +0100
Subject: [PATCH] MINOR: quic: Enable TLS 0-RTT if needed

Enable 0-RTT at the TLS context level: RFC 9001 4.6.1. Enabling 0-RTT Accordingly, the max_early_data_size parameter is repurposed to hold a sentinel value 0xffffffff to indicate that the server is willing to accept QUIC 0-RTT data. At the SSL connection level, we must call SSL_set_quic_early_data_enabled().
---
 src/xprt_quic.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 08c4ad11a..55c45f964 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -1184,7 +1184,7 @@ int ssl_quic_initial_ctx(struct bind_conf *bind_conf)
 #elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
 	if (bind_conf->ssl_conf.early_data) {
 		SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
-		SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
+		SSL_CTX_set_max_early_data(ctx, 0xffffffff);
 	}
 	SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
 	SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
@@ -5075,6 +5075,10 @@ static int qc_conn_init(struct connection *conn, void **xprt_ctx)
 	                               qc->enc_params, qc->enc_params_len) == -1)
 		goto err;
 
+	/* Enabling 0-RTT */
+	if (bc->ssl_conf.early_data)
+		SSL_set_quic_early_data_enabled(ctx->ssl, 1);
+
 	SSL_set_accept_state(ctx->ssl);
 }
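Review bot: The literal `0xffffffff` on the new SSL_CTX_set_max_early_data line is a protocol-mandated sentinel (RFC 9001 4.6.1), not a byte budget, but only the commit message says so; the source should carry that reasoning. Replacing the previous `global.tune.bufsize - global.tune.maxrewrite` bound also means TLS no longer caps how much early data a peer can send before the handshake completes, so that limit now rests on QUIC flow control alone, which is worth stating where a reader will look for the old limit. Suggest `/* RFC 9001 4.6.1: QUIC requires max_early_data_size == 0xffffffff; it is a flag, not a limit. 0-RTT volume is bounded by QUIC flow control, and with SSL_OP_NO_ANTI_REPLAY set above, 0-RTT data must be treated as replayable. */` above the call, and a named constant in place of the bare literal. ssl_quic_initial_ctx begins and ends outside this hunk.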
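Review bot: The new per-connection `SSL_set_quic_early_data_enabled(ctx->ssl, 1)` call is documented only as `/* Enabling 0-RTT */`, which omits the consequence that matters to whoever handles the data: the context created in ssl_quic_initial_ctx sets SSL_OP_NO_ANTI_REPLAY, so any request carried in 0-RTT can be replayed and the layers above must only act on it when that is safe. Suggest `/* Enable 0-RTT for this connection (mirrors the bind_conf check in ssl_quic_initial_ctx). Anti-replay is disabled on the context, so early data is replayable and must be treated as such by upper layers. */`. The condition on `bc->ssl_conf.early_data` presumably refers to the same bind_conf the context was built from, which keeps the two toggles consistent; confirm that is the intent. qc_conn_init starts outside this hunk.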