MINOR: quic+openssl_compat: Do not start without "limited-quic"
authorFrédéric Lécaille <flecaille@haproxy.com>
Thu, 17 Aug 2023 08:15:09 +0000 (10:15 +0200)
committerWilly Tarreau <w@1wt.eu>
Thu, 17 Aug 2023 13:44:03 +0000 (15:44 +0200)
Add a check for limited-quic in check_config_validity() when compiled
with USE_QUIC_OPENSSL_COMPAT so that we prevent a config from starting
accidentally with limited QUIC support. If a QUIC listener is found
when using the compatibility mode and limited-quic is not set, an error
message is reported explaining that the SSL library is not compatible
and suggesting that the user enable limited-quic if that is what they want,
and the startup fails.

This partially reverts commit 7c730803d ("MINOR: quic: Warning for
OpenSSL wrapper QUIC bindings without "limited-quic"") since a warning
was not sufficient.

src/cfgparse.c
src/protocol.c

index 7cc829d4680c43ca8ef8f42e99f94b5a2db607e1..e81acda5d409d0060b8004502195a2a9ea4f2d0e 100644 (file)
@@ -4284,6 +4284,7 @@ init_proxies_list_stage2:
                }
 
                /* adjust this proxy's listeners */
+               bind_conf = NULL;
                next_id = 1;
                list_for_each_entry(listener, &curproxy->conf.listeners, by_fe) {
                        if (!listener->luid) {
@@ -4312,6 +4313,20 @@ init_proxies_list_stage2:
                                                cfgerr++;
                                        }
                                }
+# ifdef USE_QUIC_OPENSSL_COMPAT
+                               /* store the last checked bind_conf in bind_conf */
+                               if (!(global.tune.options & GTUNE_NO_QUIC) &&
+                                   !(global.tune.options & GTUNE_LIMITED_QUIC) &&
+                                   listener->bind_conf != bind_conf) {
+                                       bind_conf = listener->bind_conf;
+                                       ha_alert("Binding [%s:%d] for %s %s: this SSL library does not support the "
+                                                "QUIC protocol. A limited compatibility layer may be enabled using "
+                                                "the \"limited-quic\" global option if desired.\n",
+                                                listener->bind_conf->file, listener->bind_conf->line,
+                                                proxy_type_str(curproxy), curproxy->id);
+                                       cfgerr++;
+                               }
+# endif
 
                                li_init_per_thr(listener);
                        }
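Review bot: The new condition `if (!(global.tune.options & GTUNE_NO_QUIC) && !(global.tune.options & GTUNE_LIMITED_QUIC) && listener->bind_conf != bind_conf)` never tests whether the listener is a QUIC one, yet it sits at loop-body level of the `list_for_each_entry(listener, &curproxy->conf.listeners, by_fe)` walk (same depth as `li_init_per_thr(listener)`), so in a USE_QUIC_OPENSSL_COMPAT build every bind line of every proxy, plain TCP included, would raise the alert and fail startup whenever "limited-quic" is absent, which is broader than the "If a QUIC listener is found" behaviour the description states. Unless something outside the hunk already narrows the loop body to QUIC listeners, the `if` should additionally require the listener's transport to be QUIC, e.g. `listener->bind_conf->xprt == xprt_get(XPRT_QUIC) &&` as a further operand. The de-duplication through the `bind_conf` pointer only suppresses repeats when listeners sharing a bind_conf are adjacent in `curproxy->conf.listeners`; if they can be interleaved, one bind line may be alerted and counted in cfgerr several times, harmless for the outcome but noisy, and a comment such as `/* listeners of one bind_conf are contiguous, so one alert per bind line */` would record the assumption. The enclosing function (check_config_validity() per the description) begins and ends outside the hunk.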
index 3817cf899167718ad4b2ee112e7c42c8c5986544..25ed6b757e7397b089310ad80cd7ee79a38b123d 100644 (file)
@@ -120,21 +120,8 @@ int protocol_supports_flag(struct protocol *proto, uint flag)
  */
 static inline int protocol_may_bind_quic(struct listener *l)
 {
-#ifdef USE_QUIC_OPENSSL_COMPAT
-       struct proxy *px = l->bind_conf->frontend;
-
-#endif
        if (global.tune.options & GTUNE_NO_QUIC)
                return 0;
-#ifdef USE_QUIC_OPENSSL_COMPAT
-       if (!(global.tune.options & GTUNE_LIMITED_QUIC)) {
-               ha_warning("Binding [%s:%d] for %s %s: receiving socket not bound"
-                          " (\"limited-quic\" global option is not set)\n",
-                          l->bind_conf->file, l->bind_conf->line,
-                          proxy_type_str(px), px->id);
-               return 0;
-       }
-#endif
        return 1;
 }
 #endif