From: Frédéric Lécaille Date: Fri, 2 Jun 2023 14:51:43 +0000 (+0200) Subject: MINOR: quic: Do not enable O-RTT with USE_QUIC_OPENSSL_COMPAT X-Git-Tag: v2.9-dev2~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=85d763b11e23e948a6f8e17aa8a14d74470899c2;p=thirdparty%2Fhaproxy.git MINOR: quic: Do not enable O-RTT with USE_QUIC_OPENSSL_COMPAT Modify ssl_quic_initial_ctx() to disable O-RTT when the QUIC OpenSSL wrapper was enabled.
---
diff --git a/src/quic_conn.c b/src/quic_conn.c
index 157cdbd730..dd2c6f2353 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -1444,7 +1444,9 @@ int ssl_quic_initial_ctx(struct bind_conf *bind_conf)
 # if defined(SSL_OP_NO_ANTI_REPLAY)
 if (bind_conf->ssl_conf.early_data) {
 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
+#ifndef USE_QUIC_OPENSSL_COMPAT
 SSL_CTX_set_max_early_data(ctx, 0xffffffff);
+#endif
 }
 # endif /* !SSL_OP_NO_ANTI_REPLAY */
 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
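Review bot: With USE_QUIC_OPENSSL_COMPAT defined, the `SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY)` call just above the new `#ifndef` still runs, so a bind line with early data configured gets TLS anti-replay switched off on this context even though, as far as these lines show, 0-RTT is no longer enabled on it. Folding the condition into the existing guard, `# if defined(SSL_OP_NO_ANTI_REPLAY) && !defined(USE_QUIC_OPENSSL_COMPAT)`, would skip the whole block and keep the file's nested `# if` style instead of adding an unindented `#ifndef`/`#endif` pair. Nothing in the visible lines tells the operator that the early-data setting is ignored for QUIC in this build. A one-line comment saying the compat wrapper presumably cannot do 0-RTT would make that explicit, and a configuration-time warning would help too, unless one already exists outside this hunk. The body of ssl_quic_initial_ctx() starts and ends outside the hunk.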