From: Frederic Lecaille <flecaille@haproxy.com>
Date: Thu, 15 May 2025 08:18:09 +0000 (+0200)
Subject: MINOR: quic: Add useful error traces about qc_ssl_sess_init() failures
X-Git-Tag: v3.2-dev17~24
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=894595b711835dba9a7432fa364ea57806b2bb0c;p=thirdparty%2Fhaproxy.git

MINOR: quic: Add useful error traces about qc_ssl_sess_init() failures

There were no traces to diagnose qc_ssl_sess_init() failures from QUIC traces.
This patch add calls to TRACE_DEVEL() into qc_ssl_sess_init() and its caller
(qc_alloc_ssl_sock_ctx()). This was useful at least to diagnose SSL context
initialization failures when porting QUIC to the new OpenSSL 3.5 QUIC API.

Should be easily backported as far as 2.6.
---

diff --git a/src/quic_ssl.c b/src/quic_ssl.c
index 7e409e31b..4734136a4 100644
--- a/src/quic_ssl.c
+++ b/src/quic_ssl.c
@@ -752,7 +752,7 @@ static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl)
 	*ssl = SSL_new(ssl_ctx);
 	if (!*ssl) {
 		if (!retry--)
-			goto leave;
+			goto err;
 
 		pool_gc(NULL);
 		goto retry;
@@ -763,7 +763,7 @@ static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl)
 		SSL_free(*ssl);
 		*ssl = NULL;
 		if (!retry--)
-			goto leave;
+			goto err;
 
 		pool_gc(NULL);
 		goto retry;
@@ -773,6 +773,9 @@ static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl)
  leave:
 	TRACE_LEAVE(QUIC_EV_CONN_NEW, qc);
 	return ret;
+ err:
+	TRACE_DEVEL("leaving on error", QUIC_EV_CONN_NEW, qc);
+	goto leave;
 }
 
 #ifdef HAVE_SSL_0RTT_QUIC
@@ -870,6 +873,7 @@ int qc_alloc_ssl_sock_ctx(struct quic_conn *qc)
 	return !ret;
 
  err:
+	TRACE_DEVEL("leaving on error", QUIC_EV_CONN_NEW, qc);
 	pool_free(pool_head_quic_ssl_sock_ctx, ctx);
 	goto leave;
 }