From: Frederic Lecaille <flecaille@haproxy.com>
Date: Wed, 17 Jan 2024 14:30:04 +0000 (+0100)
Subject: MINOR: quic-be: Store the remote transport parameters asap
X-Git-Tag: v3.3-dev2~86
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fc90964b55fd6e3e2f616f673e88f68f042a45a9;p=thirdparty%2Fhaproxy.git

MINOR: quic-be: Store the remote transport parameters asap

This is done from TLS secrets derivation callback at Application level (the last
encryption level) calling SSL_get_peer_quic_transport_params() to have an access
to the TLS transport paremeters extension embedded into the Server Hello TLS message.
Then, quic_transport_params_store() is called to store a decoded version of
these transport parameters.
---

diff --git a/src/quic_ssl.c b/src/quic_ssl.c
index 69e24905e..811b78502 100644
--- a/src/quic_ssl.c
+++ b/src/quic_ssl.c
@@ -278,12 +278,26 @@ write:
 		goto leave;
 
  keyupdate_init:
-	/* Store the secret provided by the TLS stack, required for keyupdate. */
 	if (level == ssl_encryption_application) {
 		struct quic_tls_kp *prv_rx = &qc->ku.prv_rx;
 		struct quic_tls_kp *nxt_rx = &qc->ku.nxt_rx;
 		struct quic_tls_kp *nxt_tx = &qc->ku.nxt_tx;
 
+#ifndef USE_QUIC_OPENSSL_COMPAT
+		if (!qc_is_listener(qc)) {
+			const unsigned char *tp;
+			size_t tplen;
+
+			SSL_get_peer_quic_transport_params(ssl, &tp, &tplen);
+			if (!tplen || !quic_transport_params_store(qc, 1,tp, tp + tplen)) {
+				TRACE_ERROR("Could not parse remote transport paratemers",
+				            QUIC_EV_CONN_RWSEC, qc);
+				goto leave;
+			}
+		}
+#endif
+
+		/* Store the secret provided by the TLS stack, required for keyupdate. */
 		if (rx) {
 			if (!(rx->secret = pool_alloc(pool_head_quic_tls_secret))) {
 				TRACE_ERROR("Could not allocate RX Application secrete keys", QUIC_EV_CONN_RWSEC, qc);