From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Wed, 7 Jun 2023 09:19:51 +0000 (+0200)
Subject: MINOR: quic: Initialize TLS contexts for QUIC openssl wrapper
X-Git-Tag: v2.9-dev2~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=557706b3;p=thirdparty%2Fhaproxy.git

MINOR: quic: Initialize TLS contexts for QUIC openssl wrapper

When the QUIC OpenSSL wrapper use is enabled, all the TLS contexts (SSL_CTX) must
be configured to support it. This is done calling quic_tls_compat_init() from
ssl_sock_prepare_ctx(). Note that quic_tls_compat_init() ignore the TLS context
which are not linked to non-QUIC TLS sessions/connections.

Required for the QUIC openssl wrapper support.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 9f48483d9a..149d5812ab 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4799,6 +4799,11 @@ static int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_con
 	}
 #endif
 
+#ifdef USE_QUIC_OPENSSL_COMPAT
+	if (!quic_tls_compat_init(bind_conf, ctx))
+		cfgerr |= ERR_ALERT | ERR_FATAL;
+#endif
+
 	return cfgerr;
 }