BUG/MEDIUM: quic: SSL/TCP handshake failures with OpenSSL 3.5

This bug arrived with this commit: MINOR: quic: OpenSSL 3.5 internal QUIC custom extension for transport parameters reset To make QUIC connection succeed with OpenSSL 3.5 API, a call to quic_ssl_set_tls_cbs() was needed from several callback which call SSL_set_SSL_CTX(). This has as side effect to set the QUIC callbacks used by the OpenSSL 3.5 API. But quic_ssl_set_tls_cbs() was also called for TCP sessions leading the SSL stack to run QUIC code, if the QUIC support is enabled. To fix this, simply ignore the TCP connections inspecting the <ssl_qc_app_data_index> index value which is NULL for such connections. Must be backported to 3.2.
2025-08-06 07:07:04 +02:00 · 2025-07-07 12:01:22 +02:00 · 2025-07-07 12:01:22 +02:00 · fb0324eb09
commit fb0324eb09
parent d0bd0595da
1 changed files with 6 additions and 0 deletions
--- a/src/quic_ssl.c
+++ b/src/quic_ssl.c
@ -1095,6 +1095,12 @@ int qc_ssl_provide_all_quic_data(struct quic_conn *qc, struct ssl_sock_ctx *ctx)
 /* Simple helper to set the specifig OpenSSL/quictls QUIC API callbacks */
 int quic_ssl_set_tls_cbs(SSL *ssl)
 {
+	struct quic_conn *qc = SSL_get_ex_data(ssl, ssl_qc_app_data_index);
+
+	/* Ignore the TCP connections */
+	if (!qc)
+		return 1;
+
 #ifdef HAVE_OPENSSL_QUIC
 	return SSL_set_quic_tls_cbs(ssl, ha_quic_dispatch, NULL);
 #else