BUG/MINOR: quic: Wrong keylog callback setting.

This bug impacts only the QUIC OpenSSL compatibility module (USE_QUIC_OPENSSL_COMPAT).

To make this module work, the quic_tls_compat_keylog_callback() function must be
set as the keylog callback, or at least be called by another keylog callback.
This is what SSL_CTX_keylog() was supposed to do. In addition to exporting the TLS
secrets via sample fetches, the latter also calls quic_tls_compat_keylog_callback()
when compiled with USE_QUIC_OPENSSL_COMPAT defined.

Before this patch, SSL_CTX_keylog() was replaced by quic_tls_compat_keylog_callback()
and the TLS secrets were no longer exported by sample fetches.

Must be backported to 2.8.
Frédéric Lécaille 2023-12-21 14:14:22 +01:00
parent 19f4f4d890
commit b26f6fb0cb

@ -61,7 +61,6 @@ int quic_tls_compat_init(struct bind_conf *bind_conf, SSL_CTX *ctx)
if (bind_conf->xprt != xprt_get(XPRT_QUIC))
return 1;
SSL_CTX_set_keylog_callback(ctx, quic_tls_compat_keylog_callback);
if (SSL_CTX_has_client_custom_ext(ctx, QUIC_OPENSSL_COMPAT_SSL_TP_EXT))
return 1;
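
Review bot: quic_tls_compat_init() no longer shows, after the xprt check, that the compat module still depends on a keylog callback. Once the SSL_CTX_set_keylog_callback(ctx, quic_tls_compat_keylog_callback) line is dropped (the 7 to 6 line count in the hunk header marks it as the single removed line, the rendering having lost the +/- markers), a short comment in its place should state that the keylog callback is installed elsewhere and must call quic_tls_compat_keylog_callback() when USE_QUIC_OPENSSL_COMPAT is defined. The commit message says the module cannot work without that call, and an SSL_CTX holds only one keylog callback, so a later SSL_CTX_set_keylog_callback() on the same ctx silently replaces the earlier one, which is how the sample-fetch export was lost before this patch. The comment should therefore also warn against setting a callback here again.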