BUILD: quic: Fix build error when building QUIC against libressl.
authorFrederic Lecaille <flecaille@haproxy.com>
Wed, 24 Jan 2024 14:37:40 +0000 (15:37 +0100)
committerFrederic Lecaille <flecaille@haproxy.com>
Wed, 24 Jan 2024 14:37:40 +0000 (15:37 +0100)
The previous commit was not sufficient to completely fix the build issue
related to the TLS stack's 0-RTT support. LibreSSL was the last TLS
stack to refuse to compile because of an undefined QUIC-specific function
for 0-RTT: SSL_set_quic_early_data_enabled().

To get rid of such compilation issues, define HA_OPENSSL_HAVE_0RTT_SUPPORT
only when building against TLS stack with 0-RTT support.

No need to backport.

include/haproxy/openssl-compat.h
src/quic_ssl.c

index 5639468c98df2fbd1abb2f439c9ffba467ff6171..430b22311dabb07b1444a0f819d2e156706523f0 100644 (file)
 #include <haproxy/quic_openssl_compat.h>
 #endif
 
+/* At this time, wolfssl, libressl and the openssl QUIC compatibility do not support 0-RTT */
+#if !defined(USE_QUIC_OPENSSL_COMPAT) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(USE_OPENSSL_WOLFSSL)
+#define HA_OPENSSL_HAVE_0RTT_SUPPORT
+#endif
+
 #if defined(LIBRESSL_VERSION_NUMBER)
 /* LibreSSL is a fork of OpenSSL 1.0.1g but pretends to be 2.0.0, thus
  * systematically breaking when some code is written for a specific version
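Review bot: HA_OPENSSL_HAVE_0RTT_SUPPORT is defined by exclusion, so any TLS library other than the three named in the `#if` is treated as supporting 0-RTT, and the build can break again on a stack that lacks the QUIC early-data call. The macro name is also broader than what it gates: going by the commit message, it stands for the availability of `SSL_set_quic_early_data_enabled()`, not 0-RTT in general. I would state that in the comment, for example `/* Defined when the TLS stack provides SSL_set_quic_early_data_enabled() (QUIC 0-RTT); wolfssl, libressl and the openssl QUIC compatibility layer do not. */`. That gives the next person adding a TLS backend a precise criterion for whether to extend the exclusion list.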
index 91dc107074dc6f50ed0aa1afb70be6bfbf697ee5..d4726079db6f578bc8886bb62a530b61c2a92649 100644 (file)
@@ -735,7 +735,7 @@ static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl)
        return ret;
 }
 
-#if !defined(USE_QUIC_OPENSSL_COMPAT) && !defined(USE_OPENSSL_WOLFSSL)
+#ifdef HA_OPENSSL_HAVE_0RTT_SUPPORT
 
 /* Enable early data for <ssl> QUIC TLS session.
  * Return 1 if succeeded, 0 if not.
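Review bot: The definition of qc_set_quic_early_data_enabled() is now guarded by `#ifdef HA_OPENSSL_HAVE_0RTT_SUPPORT` alone, while its only visible caller in qc_alloc_ssl_sock_ctx() (the last hunk) also requires `HA_OPENSSL_VERSION_NUMBER >= 0x10101000L`. If a build ever satisfies the macro but not the version test, this static function is compiled with no caller and triggers an unused-function warning. Using the same condition in both places, `#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) && defined(HA_OPENSSL_HAVE_0RTT_SUPPORT)`, or folding the version test into the macro's definition in openssl-compat.h, would keep the gate in one place. The function body lies between this hunk and the next and is not shown.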
@@ -770,7 +770,7 @@ static int qc_set_quic_early_data_enabled(struct quic_conn *qc, SSL *ssl)
 
        return 1;
 }
-#endif // USE_QUIC_OPENSSL_COMPAT
+#endif // HA_OPENSSL_HAVE_0RTT_SUPPORT
 
 /* Allocate the ssl_sock_ctx from connection <qc>. This creates the tasklet
  * used to process <qc> received packets. The allocated context is stored in
@@ -807,12 +807,10 @@ int qc_alloc_ssl_sock_ctx(struct quic_conn *qc)
        if (qc_is_listener(qc)) {
                if (qc_ssl_sess_init(qc, bc->initial_ctx, &ctx->ssl) == -1)
                        goto err;
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
-#if !defined(USE_QUIC_OPENSSL_COMPAT) && !defined(USE_OPENSSL_WOLFSSL)
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) && defined(HA_OPENSSL_HAVE_0RTT_SUPPORT)
                /* Enabling 0-RTT */
                if (bc->ssl_conf.early_data && !qc_set_quic_early_data_enabled(qc, ctx->ssl))
                        goto err;
-#endif
 #endif
 
                SSL_set_accept_state(ctx->ssl);
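Review bot: When HA_OPENSSL_HAVE_0RTT_SUPPORT is not defined, the `bc->ssl_conf.early_data` test is compiled out, so a listener configured for early data comes up without 0-RTT and nothing in this hunk reports it. A diagnostic may be emitted elsewhere, for instance at configuration parsing, but that is not visible here. Because 0-RTT data is replayable, operators and auditors need to know whether it is in effect, so the silent path deserves at least a comment such as `/* 0-RTT is compiled out on stacks without HA_OPENSSL_HAVE_0RTT_SUPPORT; bc->ssl_conf.early_data is then ignored here */`. qc_alloc_ssl_sock_ctx() starts before this hunk and continues after it.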