MEDIUM: ssl: Don't restrict usage of early-data with no ALPN

In ssl_sock_io_cb(), immediately create the mux if we received early
data even if we have not received an ALPN. At this point, if we have not
received the ALPN, we will not receive one anyway, so we can just use
the default mux (h1 when in mode HTTP, pt when in mode TCP).
That way, we can immediately process early data even if the client sent
not ALPN (which will happen if the client is haproxy with no ALPN on the
server line).

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 40d5da29e99568c6f740f34ea7e1bbabc33a2835..d6494ef55541a6964095e195649e6ac0c1c5b201 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6852,9 +6852,7 @@ struct task *ssl_sock_io_cb(struct task *t, void *context, unsigned int state)
        if ((ctx->conn->flags & CO_FL_ERROR) ||
            !(ctx->conn->flags & CO_FL_SSL_WAIT_HS)
 #ifdef SSL_READ_EARLY_DATA_SUCCESS
-           || (b_data(&ctx->early_buf) && (ctx->flags & SSL_SOCK_F_HAS_ALPN ||
-                      (objt_listener(conn->target) &&
-                       __objt_listener(conn->target)->bind_conf->mux_proto)))
+           || b_data(&ctx->early_buf)
 #endif
            ) {
                int woke = 0;