Previous patches have reorganize define definitions for SSL 0RTT
support. However a typo was introduced. This caused haproxy to disable
0RTT support announcement and report of an erroneous warning for no
support on the SSL library side when using quictls/openssl compat layer.
This was detected by using ngtcp2-client. No 0RTT packet were emitted by
the client due to haproxy missing support advertisement.
The faulty commit is the following one :
commit
5c4519934708bfe6a26b9ad0cc93a8c5c87df112
MEDIUM: ssl/quic: always compile the ssl_conf.early_data test
This must be backported wherever the above patch is.
#endif
#if defined(SSL_OP_NO_ANTI_REPLAY)
-#define HAVE_SSL_0RTTT
+#define HAVE_SSL_0RTT
#endif
/* At this time, wolfssl, libressl and the openssl QUIC compatibility do not support 0-RTT */
projects / thirdparty / haproxy.git / commitdiff
