From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Tue, 14 Dec 2021 18:40:04 +0000 (+0100)
Subject: MINOR: ssl_sock: Set the QUIC application from ssl_sock_advertise_alpn_protos.
X-Git-Tag: v2.6-dev1~272
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1761fdf0c6c46a75cc6a6b608238d2f914859706;p=thirdparty%2Fhaproxy.git

MINOR: ssl_sock: Set the QUIC application from ssl_sock_advertise_alpn_protos.

Make this function call quic_set_app_ops() if the protocol could be negotiated
by the TLS stack.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 158cb48ffc..2f030bab14 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1974,17 +1974,26 @@ static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
                                           unsigned int server_len, void *arg)
 {
 	struct ssl_bind_conf *conf = arg;
+#ifdef USE_QUIC
+	struct connection *conn = SSL_get_ex_data(s, ssl_app_data_index);
+#endif
 
 	if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
 	                          conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
 #ifdef USE_QUIC
-		struct connection *conn = SSL_get_ex_data(s, ssl_app_data_index);
-
 		if (conn->qc)
 			quic_set_tls_alert(conn->qc, SSL_AD_NO_APPLICATION_PROTOCOL);
 #endif
 		return SSL_TLSEXT_ERR_NOACK;
 	}
+
+#ifdef USE_QUIC
+	if (conn->qc && !quic_set_app_ops(conn->qc, *out, *outlen)) {
+		quic_set_tls_alert(conn->qc, SSL_AD_NO_APPLICATION_PROTOCOL);
+		return SSL_TLSEXT_ERR_NOACK;
+	}
+#endif
+
 	return SSL_TLSEXT_ERR_OK;
 }
 #endif