git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Frederic Lecaille <flecaille@haproxy.com>
	Mon, 4 Aug 2025 16:39:08 +0000 (18:39 +0200)
committer	Frederic Lecaille <flecaille@haproxy.com>
	Thu, 11 Sep 2025 16:23:33 +0000 (18:23 +0200)
commit	aad8bbffb59cb9d337120e714ed47123e7fe8fac
tree	c6fb98e41d2454c8606e6cd53041124fe9460f76	tree \| snapshot
parent	86a9e2aad0b77976376bb9f036f41130cf74c5e8	commit \| diff

MINOR: quic-be: validate the 0-RTT transport parameters

During 0-RTT sessions, some server transport parameters are reused after having
been save from previous sessions. These parameters must not be reduced
when it resends them. The client must check this is the case when some early data
are accepted by the server. This is what is implemented by this patch.

Implement qc_early_tranport_params_validate() which checks the new server parameters
are not reduced.

Also implement qc_ssl_eary_data_accepted() which was not implemented for TLS
stack without 0-RTT support (for instance wolfssl). That said this function
was no more used. This is why the compilation against wolfssl could not fail.

include/haproxy/quic_ssl.h		diff \| blob \| blame \| history
include/haproxy/quic_tp.h		diff \| blob \| blame \| history
src/quic_ssl.c		diff \| blob \| blame \| history
src/quic_tp.c		diff \| blob \| blame \| history
src/ssl_clienthello.c		diff \| blob \| blame \| history