From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Mon, 23 Nov 2020 10:33:12 +0000 (+0100)
Subject: MINOR: cfgparse: Do not modify the QUIC xprt when parsing "ssl".
X-Git-Tag: v2.4-dev5~73
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e50afbd4e40a37310aa3b79b50a920164215c903;p=thirdparty%2Fhaproxy.git

MINOR: cfgparse: Do not modify the QUIC xprt when parsing "ssl".

When parsing "ssl" keyword for TLS bindings, we must not use the same xprt as the one
for TLS/TCP connections. So, do not modify the QUIC xprt which will be initialized
when parsing QUIC addresses wich "ssl" bindings.
---

diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index 47e0592975..3d58cd22d9 100644
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -1040,7 +1040,9 @@ static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bi
 /* parse the "ssl" bind keyword */
 static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
 {
-	conf->xprt = &ssl_sock;
+	/* Do not change the xprt for QUIC. */
+	if (conf->xprt != xprt_get(XPRT_QUIC))
+		conf->xprt = &ssl_sock;
 	conf->is_ssl = 1;
 
 	if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)