From: William Lallemand <wlallemand@haproxy.com>
Date: Mon, 29 Jan 2024 17:17:04 +0000 (+0100)
Subject: MINOR: ssl: add HAVE_SSL_0RTT constant
X-Git-Tag: v3.0-dev3~140
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f5353f2c;p=thirdparty%2Fhaproxy.git

MINOR: ssl: add HAVE_SSL_0RTT constant

Add the HAVE_SSL_0RTT constant which define if the SSL library supports
0RTT. Which is different from HA_OPENSSL_HAVE_0RTT_SUPPORT which was
used only in the context of QUIC
---

diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index 430b22311d..b072517588 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -48,10 +48,6 @@
 #include <haproxy/quic_openssl_compat.h>
 #endif
 
-/* At this time, wolfssl, libressl and the openssl QUIC compatibility do not support 0-RTT */
-#if !defined(USE_QUIC_OPENSSL_COMPAT) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(USE_OPENSSL_WOLFSSL)
-#define HA_OPENSSL_HAVE_0RTT_SUPPORT
-#endif
 
 #if defined(LIBRESSL_VERSION_NUMBER)
 /* LibreSSL is a fork of OpenSSL 1.0.1g but pretends to be 2.0.0, thus
@@ -113,6 +109,14 @@
 #define HAVE_SSL_get0_verified_chain
 #endif
 
+#if defined(SSL_OP_NO_ANTI_REPLAY)
+#define HAVE_SSL_0RTTT
+#endif
+
+/* At this time, wolfssl, libressl and the openssl QUIC compatibility do not support 0-RTT */
+#if defined(HAVE_SSL_0RTT) && !defined(USE_QUIC_OPENSSL_COMPAT) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(USE_OPENSSL_WOLFSSL)
+#define HA_OPENSSL_HAVE_0RTT_SUPPORT
+#endif
 
 #if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL)
 #define HAVE_OSSL_PARAM