OPTIM: quic: adjust automatic ALPN setting for QUIC servers

If a QUIC server is declared without ALPN, "h3" value is automatically
set during _srv_parse_finalize().

This patch adjusts this operation. Instead of relying on
ssl_sock_parse_alpn(), a plain strdup() is used. This is considered more
efficient as the ALPN string is constant in this case. This method is
already used for listeners on the frontend side.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 55b84b880239802edda81966c620f09953efd26f..32c49509827d8fe19e4e11d0ca69516a8a495f0b 100644 (file)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -17696,7 +17696,9 @@ alpn <protocols>
   delimited list of protocol names, for instance: "http/1.1,http/1.0" (without
   quotes). This requires that the SSL library is built with support for TLS
   extensions enabled (check with haproxy -vv). The ALPN extension replaces the
-  initial NPN extension. ALPN is required to connect to HTTP/2 servers.
+  initial NPN extension. ALPN is required to connect to HTTP/2 servers. It is
+  also required to be able to use HTTP/3 via a QUIC server, "h3" serves as a
+  default value for QUIC servers without "alpn" setting.
   Versions of OpenSSL prior to 1.0.2 didn't support ALPN and only supposed the
   now obsolete NPN extension.
   If both HTTP/2 and HTTP/1.1 are expected to be supported, both versions can

diff --git a/src/server.c b/src/server.c
index 02980db729f8c2e2294cbbfa4292ab8897081cdc..ba0419316a1325cb4fad2f94cce2afd509bdb2ed 100644 (file)
--- a/src/server.c
+++ b/src/server.c
@@ -3935,10 +3935,13 @@ static int _srv_parse_finalize(char **args, int cur_arg,
                        ha_warning("QUIC protocol detected, enabling ssl. Use 'ssl' to shut this warning.\n");
                }
 
-               if (!srv->ssl_ctx.alpn_str &&
-                   ssl_sock_parse_alpn("h3", &srv->ssl_ctx.alpn_str,
-                                       &srv->ssl_ctx.alpn_len, &errmsg) != 0) {
-                       return ERR_ALERT | ERR_FATAL;
+               if (!srv->ssl_ctx.alpn_str) {
+                       srv->ssl_ctx.alpn_str = strdup("\002h3");
+                       if (!srv->ssl_ctx.alpn_str) {
+                               ha_alert("out of memory while trying to allocate a default alpn string.\n");
+                               return ERR_ALERT | ERR_FATAL;
+                       }
+                       srv->ssl_ctx.alpn_len = strlen(srv->ssl_ctx.alpn_str);
                }
 #else
                ha_alert("QUIC protocol selected but support not compiled in (check build options).\n");