From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Thu, 8 Jun 2023 07:28:31 +0000 (+0200)
Subject: MINOR: quic: SSL context initialization with QUIC OpenSSL wrapper.
X-Git-Tag: v2.9-dev2~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bcbd5a287b35813ed667f23afb98db446c572618;p=thirdparty%2Fhaproxy.git

MINOR: quic: SSL context initialization with QUIC OpenSSL wrapper.

When the QUIC OpenSSL wrapper is used, the keylog has to be set and a QUIC
specific TLS 1.3 extension must be added to the EncryptedExtensions message.
This is done by quic_tls_compat_init().
---

diff --git a/src/quic_conn.c b/src/quic_conn.c
index 7b37174c9a..d998ad24eb 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -1458,6 +1458,10 @@ int ssl_quic_initial_ctx(struct bind_conf *bind_conf)
 # endif
 	SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
 #endif
+#ifdef USE_QUIC_OPENSSL_COMPAT
+	if (!quic_tls_compat_init(bind_conf, ctx))
+		cfgerr |= ERR_ALERT | ERR_FATAL;
+#endif
 
 	return cfgerr;
 }