From c8540f7437a4d432f8cb51fa3278a037e713699f Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Wed, 19 Nov 2025 11:00:05 +0100 Subject: [PATCH] BUG/MINOR: ssl: remove dead code in ssl_sock_from_buf() When haproxy is compiled in -O0, the SSL_get_max_early_data() symbol is used in the generated assembly, however -O2 seems to remove this symbol when optimizing the code. It happens because `if conn_is_back(conn)` and `if (objt_listener(conn->target))` are opposed conditions, which mean we never use the branch when objt_listener(conn->target) is true. This patch removes the dead code. Bonus: SSL_get_max_early_data() is not implemented in rustls, and that's the only thing preventing to start with it. This can be backported in every stable branches. --- src/ssl_sock.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index fea5951ee..40d5da29e 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -7245,14 +7245,10 @@ static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const s if ((ctx->flags & SSL_SOCK_F_EARLY_ENABLED) && conn_is_back(conn)) { unsigned int max_early; - if (objt_listener(conn->target)) - max_early = SSL_get_max_early_data(ctx->ssl); - else { - if (SSL_get0_session(ctx->ssl)) - max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl)); - else - max_early = 0; - } + if (SSL_get0_session(ctx->ssl)) + max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl)); + else + max_early = 0; if (try + ctx->sent_early_data > max_early) { try -= (try + ctx->sent_early_data) - max_early;