mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-12-04 01:01:00 +01:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: quic-be: missing connection stream closure upon TLS alert to send

Browse Source 
This is the same issue as the one fixed by this commit:
   BUG/MINOR: quic-be: handshake errors without connection stream closure
But this time this is when the client has to send an alert to the server.
The fix consists in creating the mux after having set the handshake connection
error flag and error_code.

This bug was revealed by ssl/set_ssl_cafile.vtc reg test.

Depends on this commit:
     MINOR: quic: avoid code duplication in TLS alert callback

Must be backported to 3.3
This commit is contained in:
Frederic Lecaille 2025-12-01 16:42:52 +01:00
parent c780bf777a
commit cb3d5ac54d
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/quic_ssl.c
View File

@ -171,6 +171,15 @@ static int ha_quic_send_alert(SSL *ssl, enum ssl_encryption_level_t level, uint8
TRACE_PROTO("Received TLS alert", QUIC_EV_CONN_SSLALERT, qc, &alert, &level); TRACE_PROTO("Received TLS alert", QUIC_EV_CONN_SSLALERT, qc, &alert, &level);
quic_set_tls_alert(qc, alert); quic_set_tls_alert(qc, alert);
if (qc->conn) {
ssl_sock_handle_hs_error(qc->conn);
if (objt_server(qc->conn->target) && !qc->conn->mux) {
/* This has as side effect to close the connection stream */
if (conn_create_mux(qc->conn, NULL) >= 0)
qc->conn->mux->wake(qc->conn);
}
}
TRACE_LEAVE(QUIC_EV_CONN_SSLALERT, qc); TRACE_LEAVE(QUIC_EV_CONN_SSLALERT, qc);
return 1; return 1;
} }