From: William Lallemand <wlallemand@haproxy.org>
Date: Fri, 2 Sep 2022 14:24:39 +0000 (+0200)
Subject: BUILD: quic: enable early data only with >= openssl 1.1.1
X-Git-Tag: v2.7-dev6~98
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e6ec626ac5b21041b997de350f29e385c479155d;p=thirdparty%2Fhaproxy.git

BUILD: quic: enable early data only with >= openssl 1.1.1

Disable the early data in the QUIC code when not built with openssl >=
1.1.1.

LibreSSL 3.6.0 is impacted.
---

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index d8c0f5e947..8cc927e819 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -5760,10 +5760,11 @@ static int qc_conn_alloc_ssl_ctx(struct quic_conn *qc)
 		                     qc->enc_params, qc->enc_params_len) == -1) {
 		        goto err;
 		}
-
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
 		/* Enabling 0-RTT */
 		if (bc->ssl_conf.early_data)
 			SSL_set_quic_early_data_enabled(ctx->ssl, 1);
+#endif
 
 		SSL_set_accept_state(ctx->ssl);
 	}