This bug impacts only the QUIC OpenSSL compatibility module (USE_QUIC_OPENSSL_COMPAT).
To make this module work, the quic_tls_compat_keylog_callback() function must be
set as the keylog callback, or at least be called by another keylog callback.
This is what SSL_CTX_keylog() was supposed to do. In addition to exporting the TLS
secrets via sample fetches, the latter also calls quic_tls_compat_keylog_callback()
when compiled with USE_QUIC_OPENSSL_COMPAT defined.
Before this patch, SSL_CTX_keylog() was replaced by quic_tls_compat_keylog_callback()
and the TLS secrets were no longer exported by sample fetches.
Must be backported to 2.8.
if (bind_conf->xprt != xprt_get(XPRT_QUIC))
return 1;
- SSL_CTX_set_keylog_callback(ctx, quic_tls_compat_keylog_callback);
if (SSL_CTX_has_client_custom_ext(ctx, QUIC_OPENSSL_COMPAT_SSL_TP_EXT))
return 1;
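Review bot: with the SSL_CTX_set_keylog_callback(ctx, quic_tls_compat_keylog_callback) line removed, nothing in this function registers a keylog callback any more. The compat module now depends entirely on SSL_CTX_keylog() being installed on this ctx elsewhere and on it calling quic_tls_compat_keylog_callback(), and neither is visible in this hunk. Please confirm that the SSL_CTX_keylog() registration happens for every QUIC bind_conf built with USE_QUIC_OPENSSL_COMPAT and is not gated on a keylog option, since the commit message says the module does not work without it. A short comment at the removal site naming where the callback is now set would keep a later cleanup from dropping that dependency again.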