MINOR: quic: Enable TLS 0-RTT if needed
authorFrédéric Lécaille <flecaille@haproxy.com>
Tue, 14 Dec 2021 18:23:43 +0000 (19:23 +0100)
committerAmaury Denoyelle <adenoyelle@haproxy.com>
Fri, 17 Dec 2021 07:38:43 +0000 (08:38 +0100)
Enable 0-RTT at the TLS context level:
    RFC 9001 4.6.1. Enabling 0-RTT
    Accordingly, the max_early_data_size parameter is repurposed to hold a
    sentinel value 0xffffffff to indicate that the server is willing to accept
    QUIC 0-RTT data.
At the SSL connection level, we must call SSL_set_quic_early_data_enabled().

src/xprt_quic.c

index 08c4ad11a17743308a72fdbb22a421f03748cafd..55c45f964bf0a0904c0c6097c5f36bd4637403f9 100644 (file)
@@ -1184,7 +1184,7 @@ int ssl_quic_initial_ctx(struct bind_conf *bind_conf)
 #elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
        if (bind_conf->ssl_conf.early_data) {
                SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
-               SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
+               SSL_CTX_set_max_early_data(ctx, 0xffffffff);
        }
        SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
        SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
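Review bot: The added `SSL_CTX_set_max_early_data(ctx, 0xffffffff)` removes the only TLS-level bound on early-data volume that the removed `bufsize - maxrewrite` line provided, while `SSL_OP_NO_ANTI_REPLAY` on the preceding line keeps OpenSSL's own 0-RTT replay rejection disabled, and the hunk records neither consequence. RFC 9001 §4.6.1 mandates the sentinel for QUIC and leaves the amount of early data to the QUIC flow-control transport parameters and replay handling to the application, so the branch should state that, e.g. `/* RFC 9001 4.6.1: QUIC uses the 0xffffffff sentinel, not a byte limit; early data is bounded by the QUIC transport parameters, and with NO_ANTI_REPLAY 0-RTT requests are replayable, so only safe/idempotent requests may be served from them. */`. Whether the QUIC transport parameters configured elsewhere actually cap the early data accepted here cannot be seen from this hunk and should be confirmed. The `#elif` guard keys on an OpenSSL version number alone, yet the connection-level enable the commit adds is a QUIC-fork API, so presumably this file is only built against such a library; worth checking. `ssl_quic_initial_ctx` begins before this hunk.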
@@ -5075,6 +5075,10 @@ static int qc_conn_init(struct connection *conn, void **xprt_ctx)
                                     qc->enc_params, qc->enc_params_len) == -1)
                        goto err;
 
+               /* Enabling 0-RTT */
+               if (bc->ssl_conf.early_data)
+                       SSL_set_quic_early_data_enabled(ctx->ssl, 1);
+
                SSL_set_accept_state(ctx->ssl);
        }