mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-09-20 21:31:28 +02:00
878a72d001
This issue was reported in GH #3071 by @famfo where a wireshark capture reveals that some handshake could not complete after having received two Initial packets. This could happen when the packets were parsed in two times, calling qc_ssl_provide_all_quic_data() two times. This is due to crypto data stream counter which was incremented two times from qc_ssl_provide_all_quic_data() (see cstream->rx.offset += data statement around line 1223 in quic_ssl.c). One time by the callback which "receives" the crypto data, and on time by qc_ssl_provide_all_quic_data(). Then when parsing the second crypto data frame, the parser detected that the crypto were already provided. To fix this, one could comment the code which increment the crypto data stream counter by <data>. That said, when using the OpenSSL 3.5 QUIC API one should not modified the crypto data stream outside of the OpenSSL 3.5 QUIC API. So, this patch stop calling qc_ssl_provide_all_quic_data() and qc_ssl_provide_quic_data() and only calls qc_ssl_do_hanshake() after having received some crypto data. In addition to this, as these functions are no more called when building haproxy against OpenSSL 3.5, this patch disable their compilations (with #ifndef HAVE_OPENSSL_QUIC). This patch depends on this previous one: MINOR: quic: implement qc_ssl_do_hanshake() Thank you to @famto for this report. Must be backported to 3.2.