git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Frederic Lecaille <flecaille@haproxy.com>
	Mon, 4 Aug 2025 16:39:08 +0000 (18:39 +0200)
committer	Frederic Lecaille <flecaille@haproxy.com>
	Thu, 13 Nov 2025 13:04:31 +0000 (14:04 +0100)
commit	d84463f9f609eea2b6d04b86228735164c136c58
tree	1fef8cc406708ba4b3565931b364ce30703efe42	tree \| snapshot
parent	6419b9f204c7162c6a952f1104d5847f007d6197	commit \| diff

MINOR: quic-be: validate the 0-RTT transport parameters

During 0-RTT sessions, some server transport parameters are reused after having
been save from previous sessions. These parameters must not be reduced
when it resends them. The client must check this is the case when some early data
are accepted by the server. This is what is implemented by this patch.

Implement qc_early_tranport_params_validate() which checks the new server parameters
are not reduced.

Also implement qc_ssl_eary_data_accepted() which was not implemented for TLS
stack without 0-RTT support (for instance wolfssl). That said this function
was no more used. This is why the compilation against wolfssl could not fail.

include/haproxy/quic_ssl.h		diff \| blob \| blame \| history
include/haproxy/quic_tp.h		diff \| blob \| blame \| history
src/quic_ssl.c		diff \| blob \| blame \| history
src/quic_tp.c		diff \| blob \| blame \| history
src/ssl_clienthello.c		diff \| blob \| blame \| history