From: Frederic Lecaille <flecaille@haproxy.com>
Date: Wed, 9 Jul 2025 12:31:36 +0000 (+0200)
Subject: MINOR: quic: Prevent QUIC build with OpenSSL 3.5 new QUIC API version < 3.5.1
X-Git-Tag: v3.3-dev3~18
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c01eb1040ecffb4bdda84be1c8522dc370e0f202;p=thirdparty%2Fhaproxy.git

MINOR: quic: Prevent QUIC build with OpenSSL 3.5 new QUIC API version < 3.5.1

The QUIC listener part was impacted by the 3.5.0 OpenSSL new QUIC API with several
issues which have been fixed by 3.5.1.

Add a #error to prevent such OpenSSL 3.5 new QUIC API use with version below 3.5.1.

Must be backported to 3.2.
---

diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index 97a1b7e88..7b072bec8 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -52,6 +52,11 @@
 /* This macro is defined by the new OpenSSL 3.5.0 QUIC TLS API and it is not
  * defined by quictls.
  */
+
+#if defined(USE_QUIC) && (OPENSSL_VERSION_NUMBER < 0x30500010L)
+#error "OpenSSL 3.5 QUIC API should only be used with OpenSSL 3.5.1 version and newer"
+#endif
+
 #define HAVE_OPENSSL_QUIC
 #define SSL_set_quic_transport_params   SSL_set_quic_tls_transport_params
 #define SSL_set_quic_early_data_enabled SSL_set_quic_tls_early_data_enabled