From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Wed, 31 Jan 2024 15:20:00 +0000 (+0100)
Subject: BUG/MINOR: ssl/quic: fix 0RTT define
X-Git-Tag: v3.0-dev3~133
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=220386ae4055832529e50063ade5a58db823be71;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl/quic: fix 0RTT define

Previous patches have reorganize define definitions for SSL 0RTT
support. However a typo was introduced. This caused haproxy to disable
0RTT support announcement and report of an erroneous warning for no
support on the SSL library side when using quictls/openssl compat layer.

This was detected by using ngtcp2-client. No 0RTT packet were emitted by
the client due to haproxy missing support advertisement.

The faulty commit is the following one :
  commit 5c4519934708bfe6a26b9ad0cc93a8c5c87df112
  MEDIUM: ssl/quic: always compile the ssl_conf.early_data test

This must be backported wherever the above patch is.
---

diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index 37dfa3b246..01d4ec471a 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -110,7 +110,7 @@
 #endif
 
 #if defined(SSL_OP_NO_ANTI_REPLAY)
-#define HAVE_SSL_0RTTT
+#define HAVE_SSL_0RTT
 #endif
 
 /* At this time, wolfssl, libressl and the openssl QUIC compatibility do not support 0-RTT */