From: William Lallemand <wlallemand@haproxy.com>
Date: Mon, 29 Jul 2024 13:42:47 +0000 (+0200)
Subject: BUG/MEDIUM: ssl: reactivate 0-RTT for AWS-LC
X-Git-Tag: v3.1-dev5~63
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=56eefd6827b42afcefed7cc41d2cc38f5c1a2172;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: ssl: reactivate 0-RTT for AWS-LC

Then reactivate HAVE_SSL_0RTT and HAVE_SSL_0RTT_QUIC for AWS-LC, which
were wrongly deactivated in f5353f2c ("MINOR: ssl: add HAVE_SSL_0RTT
constant").

Must be backported to 3.0.
---

diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index ab4f58e96a..dc903063ed 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -114,7 +114,7 @@
 #define HAVE_SSL_get0_verified_chain
 #endif
 
-#if defined(SSL_OP_NO_ANTI_REPLAY)
+#if defined(SSL_OP_NO_ANTI_REPLAY) || defined(OPENSSL_IS_BORINGSSL) || defined(USE_OPENSSL_AWSLC)
 #define HAVE_SSL_0RTT
 #endif