MINOR: quic+openssl_compat: Emit an alert for "allow-0rtt" option

QUIC 0-RTT is not supported when haproxy is linked against an TLS stack with
limited QUIC support (OpenSSL).

Modify the "allow-0rtt" option callback to make it emit a warning if set on
a QUIC listener "bind" line.

diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index 08fcd1cd4ec265fe022f199bb32616d0d690bf48..72caeb36459e45f8482cfbb4199f802c01dcf4d1 100644 (file)
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -1089,8 +1089,13 @@ static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px,
 
 static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
 {
+#ifdef USE_QUIC_OPENSSL_COMPAT
+       memprintf(err, "'%s' : 0-RTT is not supported in limited QUIC compatibility mode, ignored.", args[cur_arg]);
+       return ERR_WARN;
+#else
        conf->ssl_conf.early_data = 1;
        return 0;
+#endif
 }
 
 /* parse the "npn" bind keyword */