BUG/MEDIUM: quic: SSL/TCP handshake failures with OpenSSL 3.5

This bug arrived with this commit:

    MINOR: quic: OpenSSL 3.5 internal QUIC custom extension for transport parameters reset

To make QUIC connection succeed with OpenSSL 3.5 API, a call to quic_ssl_set_tls_cbs()
was needed from several callback which call SSL_set_SSL_CTX(). This has as side effect
to set the QUIC callbacks used by the OpenSSL 3.5 API.

But quic_ssl_set_tls_cbs() was also called for TCP sessions leading the SSL stack
to run QUIC code, if the QUIC support is enabled.

To fix this, simply ignore the TCP connections inspecting the <ssl_qc_app_data_index>
index value which is NULL for such connections.

Must be backported to 3.2.

diff --git a/src/quic_ssl.c b/src/quic_ssl.c
index 9ae5d81594c828d7a88e84ae13118bae3da1f1ba..fe1b5bc12e9b58ae0fee4136a0cfe9ffc52eecf4 100644 (file)
--- a/src/quic_ssl.c
+++ b/src/quic_ssl.c
@@ -1095,6 +1095,12 @@ int qc_ssl_provide_all_quic_data(struct quic_conn *qc, struct ssl_sock_ctx *ctx)
 /* Simple helper to set the specifig OpenSSL/quictls QUIC API callbacks */
 int quic_ssl_set_tls_cbs(SSL *ssl)
 {
+       struct quic_conn *qc = SSL_get_ex_data(ssl, ssl_qc_app_data_index);
+
+       /* Ignore the TCP connections */
+       if (!qc)
+               return 1;
+
 #ifdef HAVE_OPENSSL_QUIC
        return SSL_set_quic_tls_cbs(ssl, ha_quic_dispatch, NULL);
 #else