BUG/MINOR: quic-be: missing connection stream closure upon TLS alert to send

This is the same issue as the one fixed by this commit:
   BUG/MINOR: quic-be: handshake errors without connection stream closure
But this time this is when the client has to send an alert to the server.
The fix consists in creating the mux after having set the handshake connection
error flag and error_code.

This bug was revealed by ssl/set_ssl_cafile.vtc reg test.

Depends on this commit:
     MINOR: quic: avoid code duplication in TLS alert callback

Must be backported to 3.3

diff --git a/src/quic_ssl.c b/src/quic_ssl.c
index 155e9e8ec81ec1d70b90cdf64545a0a9d6ba934b..c1fcfe23bb3135f9d90b7394aa7cea1311a4478a 100644 (file)
--- a/src/quic_ssl.c
+++ b/src/quic_ssl.c
@@ -171,6 +171,15 @@ static int ha_quic_send_alert(SSL *ssl, enum ssl_encryption_level_t level, uint8
        TRACE_PROTO("Received TLS alert", QUIC_EV_CONN_SSLALERT, qc, &alert, &level);
 
        quic_set_tls_alert(qc, alert);
+       if (qc->conn) {
+               ssl_sock_handle_hs_error(qc->conn);
+               if (objt_server(qc->conn->target) && !qc->conn->mux) {
+                       /* This has as side effect to close the connection stream */
+                       if (conn_create_mux(qc->conn, NULL) >= 0)
+                               qc->conn->mux->wake(qc->conn);
+               }
+       }
+
        TRACE_LEAVE(QUIC_EV_CONN_SSLALERT, qc);
        return 1;
 }