From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Fri, 2 Jun 2023 15:05:38 +0000 (+0200)
Subject: MINOR: quic: Do not enable 0RTT with SSL_set_quic_early_data_enabled()
X-Git-Tag: v2.9-dev2~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d66b95d33d0212421969da1a214be0147797fed0;p=thirdparty%2Fhaproxy.git

MINOR: quic: Do not enable 0RTT with SSL_set_quic_early_data_enabled()

SSL_set_quic_early_data_enabled is not implemented by the QUIC OpenSSL wrapper.
Furthermore O-RTT is not supported by this wrapper. Do not know why at
this time.
---

diff --git a/src/quic_conn.c b/src/quic_conn.c
index 3ecd377f85..c1d9cd8025 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -6721,9 +6721,11 @@ static int qc_conn_alloc_ssl_ctx(struct quic_conn *qc)
 		if (qc_ssl_sess_init(qc, bc->initial_ctx, &ctx->ssl) == -1)
 		        goto err;
 #if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#ifndef USE_QUIC_OPENSSL_COMPAT
 		/* Enabling 0-RTT */
 		if (bc->ssl_conf.early_data)
 			SSL_set_quic_early_data_enabled(ctx->ssl, 1);
+#endif
 #endif
 
 		SSL_set_accept_state(ctx->ssl);