MINOR: listener: automatically enable SSL if a QUIC transport is found

When a bind line is configured without the "ssl" keyword, a warning is
emitted and a crash happens at runtime:

   bind quic4@:4449 crt rsa+dh2048.pem alpn h3 allow-0rtt

   [WARNING]  (17867) : config : Proxy 'decrypt': A certificate was specified but SSL was not enabled on bind 'quic4@:4449' at [quic-mini.cfg:24] (use 'ssl').

Let's automatically turn SSL on when QUIC is detected, as it doesn't
exist without SSL anyway. It solves the runtime issue, and also makes
sure it is not possible to accidentally configure a quic listener with
no certificate since the error is detected via the SSL checks.

A warning is emitted in this case, to encourage the user to fix the
configuration so that it remains reviewable.

diff --git a/src/listener.c b/src/listener.c
index 929c2387aac19b7c28af0a07cc0a2b16660eb462..53039bb60d03dbd225992e1c69f3f74a44a3385e 100644 (file)
--- a/src/listener.c
+++ b/src/listener.c
@@ -1648,6 +1648,11 @@ int bind_parse_args_list(struct bind_conf *bind_conf, char **args, int cur_arg,
        if ((bind_conf->options & (BC_O_USE_SOCK_DGRAM|BC_O_USE_XPRT_STREAM)) == (BC_O_USE_SOCK_DGRAM|BC_O_USE_XPRT_STREAM)) {
 #ifdef USE_QUIC
                bind_conf->xprt = xprt_get(XPRT_QUIC);
+               if (!(bind_conf->options & BC_O_USE_SSL)) {
+                       bind_conf->options |= BC_O_USE_SSL;
+                       ha_warning("parsing [%s:%d] : '%s %s' in section '%s' : QUIC protocol detected, enabling ssl. Use 'ssl' to shut this warning.\n",
+                                file, linenum, args[0], args[1], section);
+               }
                quic_transport_params_init(&bind_conf->quic_params, 1);
 #else
                ha_alert("parsing [%s:%d] : '%s %s' in section '%s' : QUIC protocol selected but support not compiled in (check build options).\n",