From b26f6fb0cb358ef1df15e21151906e4c2e9f4364 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?=
Date: Thu, 21 Dec 2023 14:14:22 +0100
Subject: [PATCH] BUG/MINOR: quic: Wrong keylog callback setting. This bug impacts only the QUIC OpenSSL compatibility module (USE_QUIC_OPENSSL_COMPAT). To make this module works, quic_tls_compat_keylog_callback() function must be set as keylog callback, or at least be called by another keylog callback. This is what SSL_CTX_keylog() was supposed to do. In addition to export the TLS secrets via sample fetches this latter also calls quic_tls_compat_keylog_callback() when compiled with USE_QUIC_OPENSSL_COMPAT defined. Before this patch, SSL_CTX_keylog() was replaced by quic_tls_compat_keylog_callback() and the TLS secret were no more exported by sample fetches. Must be backported to 2.8.
---
 src/quic_openssl_compat.c | 1 -
 1 file changed, 1 deletion(-)
diff --git a/src/quic_openssl_compat.c b/src/quic_openssl_compat.c
index 3760bbcf2..efd9b1500 100644
--- a/src/quic_openssl_compat.c
+++ b/src/quic_openssl_compat.c
@@ -61,7 +61,6 @@ int quic_tls_compat_init(struct bind_conf *bind_conf, SSL_CTX *ctx)
 if (bind_conf->xprt != xprt_get(XPRT_QUIC)) return 1;
- SSL_CTX_set_keylog_callback(ctx, quic_tls_compat_keylog_callback);
 if (SSL_CTX_has_client_custom_ext(ctx, QUIC_OPENSSL_COMPAT_SSL_TP_EXT)) return 1;