git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Amaury Denoyelle <adenoyelle@haproxy.com>
	Tue, 4 Nov 2025 16:28:56 +0000 (17:28 +0100)
committer	Amaury Denoyelle <adenoyelle@haproxy.com>
	Tue, 4 Nov 2025 16:38:09 +0000 (17:38 +0100)
commit	5a17cade4f60c6ba5a9321916df874233ab898cb
tree	156708498da0351582c117c400776402410bb33b	tree \| snapshot
parent	69de7ec14e01b1724773ceda019f654dd381b522	commit \| diff

MINOR: quic: do not set conn member if ssl_sock_ctx

ssl_sock_ctx is a generic object used both on TCP/SSL and QUIC stacks.
Most notably it contains a <conn> member which is a pointer to struct
connection.

On QUIC frontend side, this member is always set to NULL. Indeed,
connection is only created after handshake completion. However, this has
changed for backend side, where the connection is instantiated prior to
its quic_conn counterpart. Thus, ssl_sock_ctx member would be set in
this case as a convenience for use later in qc_ssl_do_hanshake().

However, this method was unsafe as the connection can be released,
without resetting ssl_sock_ctx member. Thus, the previous patch fixes
this by using on <conn> member through the quic_conn instance which is
the proper way.

Thus, this patch resets ssl_sock_ctx <conn> member to NULL. This is
deemed the cleanest method as it ensures that both frontend and backend
sides must not use it anymore.

include/haproxy/quic_ssl.h		diff \| blob \| blame \| history
src/quic_conn.c		diff \| blob \| blame \| history
src/quic_ssl.c		diff \| blob \| blame \| history