Revert this patch, which is no longer useful since OpenSSL 3.5.1, to remove the
QUIC server callback restoration after SSL context switch:
MINOR: quic: OpenSSL 3.5 internal QUIC custom extension for transport parameters reset
It was required for 3.5.0. That said, there was no CI for OpenSSL 3.5 at the date
of this commit. The CI recently revealed that the QUIC server side could crash
during QUIC reg tests just after having restored the callbacks as implemented by
the commit above.
Also revert this commit, which is no longer useful because it arrived with the commit
above:
BUG/MEDIUM: quic: SSL/TCP handshake failures with OpenSSL 3.
Must be backported to 3.2.
/*
 * include/haproxy/quic_ssl.h
 * This file contains QUIC over TLS/SSL api definitions.
 *
 * Copyright (C) 2023
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation, version 2.1
 * exclusively.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 */
#ifndef _HAPROXY_QUIC_SSL_H
#define _HAPROXY_QUIC_SSL_H
#ifdef USE_QUIC
#ifndef USE_OPENSSL
#error "Must define USE_OPENSSL"
#endif
#include <haproxy/listener-t.h>
#include <haproxy/ncbuf-t.h>
#include <haproxy/openssl-compat.h>
#include <haproxy/pool.h>
#include <haproxy/quic_ssl-t.h>
#include <haproxy/ssl_sock-t.h>
int ssl_quic_initial_ctx(struct bind_conf *bind_conf);
SSL_CTX *ssl_quic_srv_new_ssl_ctx(void);
int qc_alloc_ssl_sock_ctx(struct quic_conn *qc, struct connection *conn);
int qc_ssl_provide_all_quic_data(struct quic_conn *qc, struct ssl_sock_ctx *ctx);
/* Release the QUIC TLS context referenced by <*ctx>.
 *
 * The SSL object is released with SSL_free(), the context structure is handed
 * back to pool_head_quic_ssl_sock_ctx, and the caller's pointer is reset to
 * NULL. Resetting the pointer means a second call on the same variable does
 * nothing instead of freeing twice, and no dangling pointer is left behind
 * for later use.
 *
 * <ctx> itself must be non-NULL since it is dereferenced unconditionally.
 * <*ctx> may be NULL, in which case nothing is done.
 */
static inline void qc_free_ssl_sock_ctx(struct ssl_sock_ctx **ctx)
{
	struct ssl_sock_ctx *sctx = *ctx;

	if (sctx) {
		SSL_free(sctx->ssl);
		pool_free(pool_head_quic_ssl_sock_ctx, sctx);
		/* drop the owner's reference so the freed context cannot be reused */
		*ctx = NULL;
	}
}
#if defined(HAVE_SSL_0RTT_QUIC)
/* Tell whether early data (0-RTT) was accepted on <ssl>.
 *
 * AWS-LC builds query SSL_early_data_accepted() directly. Other builds compare
 * SSL_get_early_data_status() with SSL_EARLY_DATA_ACCEPTED.
 * Returns non-zero when early data was accepted, 0 otherwise.
 *
 * Note: TLS 1.3 early data has no replay protection of its own (RFC 8446,
 * section 8), so a non-zero result identifies data that callers may need to
 * treat as replayable.
 */
static inline int qc_ssl_eary_data_accepted(const SSL *ssl)
{
	int accepted;

#if defined(OPENSSL_IS_AWSLC)
	accepted = SSL_early_data_accepted(ssl);
#else
	accepted = (SSL_get_early_data_status(ssl) == SSL_EARLY_DATA_ACCEPTED);
#endif
	return accepted;
}
/* Return a constant, human-readable label for the early data (0-RTT) status
 * of <ssl>. The returned string is a literal and must not be freed.
 *
 * With AWS-LC only acceptance can be queried here, so every other outcome is
 * reported as "UNKNOWN": a rejected attempt and an absent one cannot be told
 * apart from this label. Other builds map SSL_get_early_data_status() to
 * "ACCEPTED", "REJECTED" or "NOT_SENT", and fall back to "UNKNOWN" for any
 * value not listed.
 */
static inline const char *quic_ssl_early_data_status_str(const SSL *ssl)
{
#if defined(OPENSSL_IS_AWSLC)
	return SSL_early_data_accepted(ssl) ? "ACCEPTED" : "UNKNOWN";
#else
	const int status = SSL_get_early_data_status(ssl);

	if (status == SSL_EARLY_DATA_ACCEPTED)
		return "ACCEPTED";
	if (status == SSL_EARLY_DATA_REJECTED)
		return "REJECTED";
	if (status == SSL_EARLY_DATA_NOT_SENT)
		return "NOT_SENT";

	/* any status value not handled above */
	return "UNKNOWN";
#endif
}
#else
/* Variant compiled when HAVE_SSL_0RTT_QUIC is not defined: the early data
 * status is never queried and the fixed label "NOT_SUPPORTED" is returned for
 * any <ssl>. The returned string is a literal and must not be freed.
 */
static inline const char *quic_ssl_early_data_status_str(const SSL *ssl)
{
	(void)ssl; /* intentionally unused in this configuration */

	return "NOT_SUPPORTED";
}
#endif
#endif /* USE_QUIC */
#endif /* _HAPROXY_QUIC_SSL_H */