From b5b5247b18cd2d1f81d577b1418cf8df202b2ca1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?=
Date: Mon, 22 Nov 2021 15:55:16 +0100
Subject: [PATCH] MINOR: quic: Immediately close if no transport parameters extension found

If the ClientHello callback does not manage to find a correct QUIC transport parameters extension, we immediately close the connection with missing_extension(109) as TLS alert which is turned into 0x16d QUIC connection error.
---
 src/ssl_sock.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index ffbfa5031..158cb48ff 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2463,7 +2463,15 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
 if (!SSL_client_hello_get0_ext(ssl, conn->qc->tps_tls_ext,
 &extension_data, &extension_len))
 #endif
- goto abort;
+ {
+ /* This is not redundant. It we only return 0 without setting
+ * <*al>, this has as side effect to generate another TLS alert
+ * which would be set after calling quic_set_tls_alert().
+ */
+ *al = SSL_AD_MISSING_EXTENSION;
+ quic_set_tls_alert(conn->qc, SSL_AD_MISSING_EXTENSION);
+ return 0;
+ }
 if (!quic_transport_params_store(conn->qc, 0, extension_data,
 extension_data + extension_len))
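Review bot: The added block leaves the callback with `return 0;` where the removed line did `goto abort;`, so anything the `abort` label does besides choosing an alert is now skipped on the missing-extension path; that label is outside this hunk, so this needs checking against the full function. If `abort` also records a handshake failure on `conn`, the same bookkeeping should be repeated before the return so that logs and counters still see the rejected handshake. The comment explains why `*al` must be set but not why `abort` is bypassed; a line such as `/* not using abort: it would report a different alert than missing_extension */` would cover it, assuming that is the reason. The comment also has a typo: `It we only return 0` should read `If we only return 0`.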