BUG/MEDIUM: ssl: Don't set the max early data we can receive too early.
authorOlivier Houchard <ohouchard@haproxy.com>
Tue, 17 Dec 2019 14:39:54 +0000 (15:39 +0100)
committerOlivier Houchard <cognet@ci0.org>
Tue, 17 Dec 2019 14:45:38 +0000 (15:45 +0100)
When accepting the max early data, don't set it on the SSL_CTX while parsing
the configuration, as at this point global.tune.maxrewrite may still be -1,
either because it was not set, or because it hasn't been set yet. Instead,
set it for each connection, just after we created the new SSL.
Not doing so meant that we could pretend to accept early data bigger than one
of our buffers.

This should be backported to 2.1, 2.0, 1.9 and 1.8.

src/ssl_sock.c

index 5930c25a8f2fad82950208427ecb3717e67ae7db..0a529725e180d6941a34000e8e978264e55f3c13 100644 (file)
@@ -4687,10 +4687,8 @@ ssl_sock_initial_ctx(struct bind_conf *bind_conf)
        SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
        SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
 #elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
-       if (bind_conf->ssl_conf.early_data) {
+       if (bind_conf->ssl_conf.early_data)
                SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
-               SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
-       }
        SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
        SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
 #else
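Review bot: The remaining `SSL_OP_NO_ANTI_REPLAY` branch no longer says where the early-data limit is actually applied, so a reader of ssl_sock_initial_ctx() will assume early data is accepted with no size bound on this SSL_CTX. A short comment above the `if` would keep that visible: `/* The max early data size is set per connection in ssl_sock_init(), since tune.maxrewrite is not final while the config is parsed. */`. The body of ssl_sock_initial_ctx() starts and ends outside this hunk.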
@@ -5991,6 +5989,10 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
                        conn->err_code = CO_ER_SSL_NO_MEM;
                        goto err;
                }
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+               if (__objt_listener(conn->target)->bind_conf->ssl_conf.early_data)
+                       SSL_set_max_early_data(ctx->ssl, global.tune.bufsize - global.tune.maxrewrite);
+#endif
 
                ctx->bio = BIO_new(ha_meth);
                if (!ctx->bio) {
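Review bot: The new `SSL_set_max_early_data` call passes `global.tune.bufsize - global.tune.maxrewrite`, an `int` difference, to a `uint32_t` parameter without checking its sign; if maxrewrite were still -1 or larger than bufsize here the value would convert to a very large limit, which is the over-acceptance this commit is meant to close. Whether the config post-processing guarantees maxrewrite < bufsize by the time a connection is accepted is not visible in this hunk, so a cheap guard on the computed value would make the intent explicit: `int max_early = global.tune.bufsize - global.tune.maxrewrite;` / `if (max_early > 0)` / `SSL_set_max_early_data(ctx->ssl, (uint32_t)max_early);`. The return value of `SSL_set_max_early_data` is also discarded, and `__objt_listener(conn->target)` assumes the target is a listener, which presumably holds in this branch of ssl_sock_init() but cannot be confirmed from the hunk. ssl_sock_init() starts and ends outside this hunk.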