MINOR: quic: Prevent QUIC backend use with the OpenSSL QUIC compatibility module...

Make the server line parsing fail when a QUIC backend is configured  if haproxy
is built to use the OpenSSL stack compatibility module. This latter does not
support the QUIC client part.

diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index 917258d9a87ea49c30605c13019d9bfa088af3f0..97a1b7e88dc4782b55da8f4ed085cdf9ca97691d 100644 (file)
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -47,6 +47,7 @@
 #ifdef USE_QUIC_OPENSSL_COMPAT
 #include <haproxy/quic_openssl_compat.h>
 #else
+#define HAVE_OPENSSL_QUIC_CLIENT_SUPPORT
 #if defined(OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_SEND)
 /* This macro is defined by the new OpenSSL 3.5.0 QUIC TLS API and it is not
  * defined by quictls.

diff --git a/src/server.c b/src/server.c
index c5d29a30a4c21918351747d35b44ef8e28526faf..c2597091a4e5a7914b78df68a88a417c497650fa 100644 (file)
--- a/src/server.c
+++ b/src/server.c
@@ -3610,6 +3610,7 @@ static int _srv_parse_init(struct server **srv, char **args, int *cur_arg,
                }
 
 #ifdef USE_QUIC
+#ifdef HAVE_OPENSSL_QUIC_CLIENT_SUPPORT
                if (srv_is_quic(newsrv)) {
                        if (!experimental_directives_allowed) {
                                ha_alert("QUIC is experimental for server '%s',"
@@ -3622,6 +3623,14 @@ static int _srv_parse_init(struct server **srv, char **args, int *cur_arg,
                        newsrv->xprt = xprt_get(XPRT_QUIC);
                        quic_transport_params_init(&newsrv->quic_params, 0);
                }
+#else
+               if (srv_is_quic(newsrv)) {
+                       ha_alert("The SSL stack does not provide a support for QUIC server '%s'",
+                                newsrv->id);
+                       err_code |= ERR_ALERT | ERR_FATAL;
+                       goto out;
+               }
+#endif
 #endif
 
                if (!port1 || !port2) {