From dc13068eb4af5eada14b3b8ce51985b72397b11e Mon Sep 17 00:00:00 2001
From: Frederic Lecaille
Date: Thu, 27 Nov 2025 11:22:46 +0100
Subject: [PATCH] BUG/MINOR: quic/ssl: crash in ClientHello callback ssl traces

Such crashes may occur for QUIC frontends only when the SSL traces are enabled. ssl_sock_switchctx_cbk() ClientHello callback may be called without any connection initialize () for QUIC connections leading to crashes when passing conn->err_code to TRACE_ERROR(). Modify the TRACE_ERROR() statement to pass this parameter only when is initialized. Must be backported as far as 3.2.
---
 src/ssl_clienthello.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/ssl_clienthello.c b/src/ssl_clienthello.c
index ffc06b94b..af4b1d9ff 100644
--- a/src/ssl_clienthello.c
+++ b/src/ssl_clienthello.c
@@ -506,7 +506,8 @@ sni_lookup:
 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
 if (conn)
 conn->err_code = CO_ER_SSL_HANDSHAKE;
- TRACE_ERROR("No suitable SSL context found", SSL_EV_CONN_SWITCHCTX_CB|SSL_EV_CONN_ERR, conn, ssl, &conn->err_code);
+ TRACE_ERROR("No suitable SSL context found", SSL_EV_CONN_SWITCHCTX_CB|SSL_EV_CONN_ERR,
+ conn, ssl, conn ? &conn->err_code : NULL);
 #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
 return ssl_select_cert_error;
 #else
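Review bot: The new `conn ? &conn->err_code : NULL` argument to TRACE_ERROR() has no comment explaining why `conn` can be NULL on this path, so a later cleanup could fold it back to `&conn->err_code` and bring back the crash on QUIC frontends with SSL traces enabled. I would add above the `if (conn)` line: `/* conn may be NULL for QUIC: never dereference it unguarded, not even in trace arguments */`. `conn` itself is still passed as the trace source argument, so the trace handler presumably has to tolerate a NULL there too; that code is not visible in this hunk and is worth confirming. The rest of ssl_sock_switchctx_cbk() lies outside the hunk, and any other TRACE_*() call in it that takes `&conn->...` would need the same guard.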