From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Wed, 7 Jun 2023 09:25:35 +0000 (+0200)
Subject: MINOR: quic: Call the keylog callback for QUIC openssl wrapper from SSL_CTX_keylog()
X-Git-Tag: v2.9-dev2~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a53e523aef85edf2be5a6beda80b4d732f730f28;p=thirdparty%2Fhaproxy.git

MINOR: quic: Call the keylog callback for QUIC openssl wrapper from SSL_CTX_keylog()

SSL_CTX_keylog() is the callback used when the TLS keylog feature is enabled with
tune.ssl.keylog configuration setting. But the QUIC openssl wrapper also needs
to use such a callback to receive the QUIC TLS secrets from the TLS stack.

Add a call to the keylog callback for the QUIC openssl wrapper to SSL_CTX_keylog()
to ensure that it will be called when the TLS keylog feature is enabled.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 149d5812ab..e3e321425c 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4486,6 +4486,9 @@ void SSL_CTX_keylog(const SSL *ssl, const char *line)
 	char *lastarg = NULL;
 	char *dst = NULL;
 
+#ifdef USE_QUIC_OPENSSL_COMPAT
+	quic_tls_compat_keylog_callback(ssl, line);
+#endif
 	keylog = SSL_get_ex_data(ssl, ssl_keylog_index);
 	if (!keylog)
 		return;