Modify qc_alloc_ssl_sock_ctx() to pass the connection object as parameter. It is NULL for a QUIC listener, not NULL for a QUIC server. This connection object is set as value for ->conn quic_conn struct member. Initialise the SSL session object from this function for QUIC servers. qc_ssl_set_quic_transport_params() is also modified to pass the SSL object as parameter. This is the only parameter this function needs. <qc> parameter is used only for the trace. SSL_do_handshake() must be called as soon as the SSL object is initialized for the QUIC backend connection. This triggers the TLS CRYPTO data delivery. tasklet_wakeup() is also called to send these CRYPTO data as soon as possible. Modify the QUIC_EV_CONN_NEW event trace to dump the potential errors returned by SSL_do_handshake().
/*
* include/haproxy/quic_ssl.h
* This file contains QUIC over TLS/SSL api definitions.
*
* Copyright (C) 2023
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation, version 2.1
* exclusively.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifndef _HAPROXY_QUIC_SSL_H
#define _HAPROXY_QUIC_SSL_H

#ifdef USE_QUIC
/* QUIC runs on top of the TLS stack, so an OpenSSL-compatible library is
 * mandatory whenever USE_QUIC is set.
 */
#ifndef USE_OPENSSL
#error "Must define USE_OPENSSL"
#endif

#include <haproxy/listener-t.h>
#include <haproxy/ncbuf-t.h>
#include <haproxy/openssl-compat.h>
#include <haproxy/pool.h>
#include <haproxy/quic_ssl-t.h>
#include <haproxy/ssl_sock-t.h>

/* Initialise the SSL context(s) attached to the QUIC listener described by
 * <bind_conf>. Returns an int status; the success/failure convention is not
 * visible from this header -- check the definition before relying on it.
 */
int ssl_quic_initial_ctx(struct bind_conf *bind_conf);

/* Allocate a fresh SSL_CTX for the QUIC server (backend) side.
 * Presumably returns NULL on allocation failure and hands ownership of the
 * context to the caller (SSL_CTX_free()) -- confirm against the definition.
 */
SSL_CTX *ssl_quic_srv_new_ssl_ctx(void);

/* Allocate and initialise the SSL socket context of QUIC connection <qc>.
 * <conn> is NULL for a connection accepted by a QUIC listener and the
 * connection object for a QUIC server (backend) connection; it is stored in
 * <qc->conn>. On the server side this also initialises the SSL session and
 * immediately starts the TLS handshake (SSL_do_handshake()) so that the first
 * CRYPTO data are produced, then wakes up the tasklet to send them.
 * Returns an int status (convention not visible here). qc_free_ssl_sock_ctx()
 * below looks like its release counterpart.
 */
int qc_alloc_ssl_sock_ctx(struct quic_conn *qc, struct connection *conn);

/* Hand the QUIC CRYPTO data already received on <qc> over to the SSL object
 * of <ctx> (name-based reading; confirm against the definition). Returns an
 * int status.
 */
int qc_ssl_provide_all_quic_data(struct quic_conn *qc, struct ssl_sock_ctx *ctx);

/* Install the QUIC-specific TLS callbacks on <ssl>. Returns an int status
 * (convention not visible from this header).
 */
int quic_ssl_set_tls_cbs(SSL *ssl);

/* Release the SSL socket context pointed to by <ctx>, if any.
 *
 * The SSL object it carries (and with it the TLS session state) is freed with
 * SSL_free() and the context itself goes back to pool_head_quic_ssl_sock_ctx.
 * <*ctx> is reset to NULL afterwards, so calling this twice on the same
 * pointer is a harmless no-op rather than a double free.
 */
static inline void qc_free_ssl_sock_ctx(struct ssl_sock_ctx **ctx)
{
	struct ssl_sock_ctx *sctx = *ctx;

	if (sctx) {
		SSL_free(sctx->ssl);
		pool_free(pool_head_quic_ssl_sock_ctx, sctx);
		*ctx = NULL;
	}
}

#if defined(HAVE_SSL_0RTT_QUIC)
/* Tell whether the 0-RTT early data sent on <ssl> were accepted by the TLS
 * library. Returns non-zero if accepted, zero otherwise.
 *
 * AWS-LC exposes this as a direct boolean query; the other supported
 * libraries report a status code which is compared with
 * SSL_EARLY_DATA_ACCEPTED.
 *
 * Note: the function name carries a historical typo ("eary"); it is kept
 * unchanged since callers outside this header may reference it.
 * Note: TLS itself does not protect 0-RTT data against replay (RFC 8446
 * section 8), so "accepted" only means the library took them, not that
 * they are safe to act upon without further care.
 */
static inline int qc_ssl_eary_data_accepted(const SSL *ssl)
{
	int accepted;

#if defined(OPENSSL_IS_AWSLC)
	accepted = SSL_early_data_accepted(ssl);
#else
	accepted = (SSL_get_early_data_status(ssl) == SSL_EARLY_DATA_ACCEPTED);
#endif
	return accepted;
}

/* Return a short printable label for the 0-RTT early data status of <ssl>:
 * "ACCEPTED", "REJECTED", "NOT_SENT" or "UNKNOWN". With AWS-LC only the
 * accepted / not-accepted distinction is available, so anything other than
 * accepted is reported as "UNKNOWN". Intended for traces and logs.
 */
static inline const char *quic_ssl_early_data_status_str(const SSL *ssl)
{
#if defined(OPENSSL_IS_AWSLC)
	return SSL_early_data_accepted(ssl) ? "ACCEPTED" : "UNKNOWN";
#else
	const char *label = "UNKNOWN";

	switch (SSL_get_early_data_status(ssl)) {
	case SSL_EARLY_DATA_ACCEPTED:
		label = "ACCEPTED";
		break;
	case SSL_EARLY_DATA_REJECTED:
		label = "REJECTED";
		break;
	case SSL_EARLY_DATA_NOT_SENT:
		label = "NOT_SENT";
		break;
	default:
		/* any other status code keeps the "UNKNOWN" label */
		break;
	}
	return label;
#endif
}
#else
/* Fallback used when the TLS library offers no 0-RTT support for QUIC
 * (HAVE_SSL_0RTT_QUIC undefined): there is no early data status to report,
 * so the label is always "NOT_SUPPORTED". <ssl> is intentionally unused.
 * Note that no qc_ssl_eary_data_accepted() fallback is provided in this
 * configuration; callers presumably guard that call with HAVE_SSL_0RTT_QUIC.
 */
static inline const char *quic_ssl_early_data_status_str(const SSL *ssl)
{
	(void)ssl;
	return "NOT_SUPPORTED";
}
#endif
#endif /* USE_QUIC */
#endif /* _HAPROXY_QUIC_SSL_H */