MINOR: ssl: Add a flag to let it known we have an ALPN negociated

Add a new flag to the ssl_sock_ctx, to be set as soon as the ALPN has
been negociated.
This happens before the handshake has been completed, and that
information will let us know that, when we receive early data, if the
ALPN has been negociated, then we can immediately create a mux, as the
ALPN will tell us which mux to use.

diff --git a/include/haproxy/ssl_sock-t.h b/include/haproxy/ssl_sock-t.h
index 8bbbdd71c23ee9af03cfccadc756fc88c74184d6..d8c2613882a496b2aaa808e6f1e719986960c0e2 100644 (file)
--- a/include/haproxy/ssl_sock-t.h
+++ b/include/haproxy/ssl_sock-t.h
@@ -254,6 +254,7 @@ struct ssl_keylog {
 #define SSL_SOCK_F_KTLS_SEND            (1 << 2) /* kTLS send is configured on that socket */
 #define SSL_SOCK_F_KTLS_RECV            (1 << 3) /* kTLS receive is configure on that socket */
 #define SSL_SOCK_F_CTRL_SEND            (1 << 4) /* We want to send a kTLS control message for that socket */
+#define SSL_SOCK_F_HAS_ALPN             (1 << 5) /* An ALPN has been negociated */
 
 struct ssl_sock_ctx {
        struct connection *conn;

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 8d6e5b000cd15d2b6fcd91b91153bcbf40537573..531bc9330824bbb37ba32e8904e413ecf2eb1fc0 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2178,6 +2178,13 @@ static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
                                           unsigned int server_len, void *arg)
 {
        struct ssl_bind_conf *conf = arg;
+       struct connection *conn;
+       struct ssl_sock_ctx *ctx;
+
+       conn = SSL_get_ex_data(s, ssl_app_data_index);
+       ctx = __conn_get_ssl_sock_ctx(conn);
+
+
 #ifdef USE_QUIC
        struct quic_conn *qc = SSL_get_ex_data(s, ssl_qc_app_data_index);
 #endif
@@ -2198,6 +2205,7 @@ static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
        }
 #endif
 
+       ctx->flags |= SSL_SOCK_F_HAS_ALPN;
        return SSL_TLSEXT_ERR_OK;
 }
 #endif