mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-12-03 08:41:40 +01:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: ssl: remove dead code in ssl_sock_from_buf()

Browse Source 
When haproxy is compiled in -O0, the SSL_get_max_early_data() symbol is
used in the generated assembly, however -O2 seems to remove this symbol
when optimizing the code.

It happens because `if conn_is_back(conn)` and `if
(objt_listener(conn->target))` are opposed conditions, which mean we
never use the branch when objt_listener(conn->target) is true.

This patch removes the dead code. Bonus: SSL_get_max_early_data() is not
implemented in rustls, and that's the only thing preventing to start
with it.

This can be backported in every stable branches.
This commit is contained in:
William Lallemand 2025-11-19 11:00:05 +01:00
parent 1f562687e3
commit c8540f7437
1 changed files with 4 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/ssl_sock.c
View File

@ -7245,14 +7245,10 @@ static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const s
if ((ctx->flags & SSL_SOCK_F_EARLY_ENABLED) && conn_is_back(conn)) {
unsigned int max_early;
if (objt_listener(conn->target))
max_early = SSL_get_max_early_data(ctx->ssl);
else {
if (SSL_get0_session(ctx->ssl))
max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
else
max_early = 0;
}
if (SSL_get0_session(ctx->ssl))
max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
else
max_early = 0;
if (try + ctx->sent_early_data > max_early) {
try -= (try + ctx->sent_early_data) - max_early;