git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Amaury Denoyelle <adenoyelle@haproxy.com>
	Wed, 28 Jan 2026 08:53:40 +0000 (09:53 +0100)
committer	Amaury Denoyelle <adenoyelle@haproxy.com>
	Thu, 29 Jan 2026 10:14:09 +0000 (11:14 +0100)
commit	869a997a68a23ef235aaea16bc80dfb1801ec7ef
tree	6d94f59ba30c6c6cf3eafe42588e2d12b05be84d	tree \| snapshot
parent	48d9c90ff292a38c9e54f86690481f75322d463c	commit \| diff

BUG/MEDIUM: ssl: fix msg callbacks on QUIC connections

With QUIC backend implementation, SSL code has been adjusted in several
place when accessing connection instance. Indeed, with QUIC usage, SSL
context is tied up to quic_conn, and code may be executed prior/after
connection instantiation. For example, on frontend side, connection is
only created after QUIC handshake completion.

The following patch tried to fix unsafe accesses to connection. In
particular, msg callbacks are not called anymore if connection is NULL.

fab7da0fd0a67a9e7286839efca95ecdbf3a059e
BUG/MEDIUM: quic-be/ssl_sock: TLS callback called without connection

However, most msg callbacks do not need to use the connection instance.
The only occurence where it is accessed is for heartbeat message
parsing, which is the only case of crash solved. The above fix is too
restrictive as it completely prevents execution of these callbacks when
connection is unset. This breaks several features with QUIC, such as SSL
key logging or samples based on ClientHello capture.

The current patch reverts the above one. Thus, this restores invokation
of msg callbacks for QUIC during the whole low-level connection
lifetime. This requires a small adjustment in heartbeat parsing callback
to prevent access on a NULL connection.

The issue on ClientHello capture was mentionned in github issue #2495.

This must be backported up to 3.3.