From: Frédéric Lécaille Date: Fri, 2 Jun 2023 15:00:04 +0000 (+0200) Subject: MINOR: quic: Set the QUIC connection as extra data before calling SSL_set_quic_method() X-Git-Tag: v2.9-dev2~14 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=039f5a878614c41c1d6e3f808486986f5a7f3dcf;p=thirdparty%2Fhaproxy.git MINOR: quic: Set the QUIC connection as extra data before calling SSL_set_quic_method() This patch is required for the QUIC OpenSSL wrapper, and does not break anything for the other TLS stacks with their own QUIC support (quictls for instance). The implementation of SSL_set_quic_method() needs to access the quic_conn object to store data within. But SSL_set_quic_method() is only aware of the SSL session object. This is the reason why it is required to set the quic_conn object as extra data to the SSL session object before calling SSL_set_quic_method() so that it can be retrieved by SSL_set_quic_method(). --- diff --git a/src/quic_conn.c b/src/quic_conn.c index dd2c6f2353..3ecd377f85 100644 --- a/src/quic_conn.c +++ b/src/quic_conn.c @@ -6668,8 +6668,8 @@ static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl) goto retry; } - if (!SSL_set_quic_method(*ssl, &ha_quic_method) || - !SSL_set_ex_data(*ssl, ssl_qc_app_data_index, qc)) { + if (!SSL_set_ex_data(*ssl, ssl_qc_app_data_index, qc) || + !SSL_set_quic_method(*ssl, &ha_quic_method)) { SSL_free(*ssl); *ssl = NULL; if (!retry--)
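Review bot: the ordering requirement in the `if` condition of qc_ssl_sess_init() is documented only in the commit message; nothing in the code says that SSL_set_ex_data(*ssl, ssl_qc_app_data_index, qc) has to run before SSL_set_quic_method(*ssl, &ha_quic_method). Inside the `||` chain the two calls look interchangeable, and since the previous order worked with the other TLS stacks, a later cleanup could swap them back and break only the OpenSSL wrapper. Please add a short comment above the condition stating that the wrapper's SSL_set_quic_method() reads the quic_conn back from the SSL ex data, so the ex data must be set first. The error path is unchanged and still frees *ssl and sets it to NULL whichever call fails, so the reordering does not leave a session with dangling ex data.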