git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Frédéric Lécaille <flecaille@haproxy.com>
	Tue, 4 Jul 2023 05:55:58 +0000 (07:55 +0200)
committer	Frédéric Lécaille <flecaille@haproxy.com>
	Fri, 21 Jul 2023 12:27:10 +0000 (14:27 +0200)
commit	90a63ae4faee2e86db3d8326fb9b9d7cf05630f1
tree	50ef5722553c560e1e2448af183d0bab7fc09317	tree
parent	642dba8c22f3135baf355eb068326c20f42690b2	commit \| diff

MINOR: quic: Dynamic allocation for negotiated Initial TLS cipher context.

Shorten ->negotiated_ictx quic_conn struct member (->nictx).
This variable is used during version negotiation. Indeed, a connection
may have to support support several QUIC versions of paquets during
the handshake. ->nictx is the QUIC TLS cipher context used for the negotiated
QUIC version.

This patch allows a connection to dynamically allocate this TLS cipher context.

Add a new pool (pool_head_quic_tls_ctx) for such QUIC TLS cipher context object.
Modify qc_new_conn() to initialize ->nictx to NULL value.
quic_tls_ctx_secs_free() frees all the secrets attached to a QUIC TLS cipher context.
Modify it to do nothing if it is called with a NULL TLS cipher context.
Modify to allocate ->nictx from qc_conn_finalize() just before initializing
its secrets. qc_conn_finalize() allocates -nictx only if needed (if a new QUIC
version was negotiated).
Modify qc_conn_release() which release a QUIC connection (quic_conn struct) to
release ->nictx TLS cipher context.

include/haproxy/quic_conn-t.h		diff \| blob \| blame \| history
include/haproxy/quic_tls-t.h		diff \| blob \| blame \| history
include/haproxy/quic_tls.h		diff \| blob \| blame \| history
src/quic_conn.c		diff \| blob \| blame \| history
src/quic_tls.c		diff \| blob \| blame \| history