BUG/MINOR: ech/quic: enable ech configuration also for quic listeners
authorakarl10 <mike@mwsys.mine.bz>
Thu, 1 Jan 2026 13:32:56 +0000 (14:32 +0100)
committerWilliam Lallemand <wlallemand@haproxy.com>
Thu, 8 Jan 2026 16:34:28 +0000 (17:34 +0100)
Patch dba4fd24 ("MEDIUM: ssl/ech: config and load keys") introduced
ECH configuration for bind lines, but the QUIC configuration parser
still suffers from not using the same code as the TCP/TLS one, so the
init for QUIC was missed.

Must be backported in 3.3.

src/quic_ssl.c

index 2dce68643b0fd2c7d383ea9a1ea9750a8e172a02..c838a5e0676771512218f500293c18160f974c79 100644 (file)
@@ -10,6 +10,9 @@
 #include <haproxy/ssl_sock.h>
 #include <haproxy/stats.h>
 #include <haproxy/trace.h>
+#ifdef USE_ECH
+#include <haproxy/ech.h>
+#endif
 
 DECLARE_TYPED_POOL(pool_head_quic_ssl_sock_ctx, "quic_ssl_sock_ctx", struct ssl_sock_ctx);
 const char *default_quic_ciphersuites = "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384"
@@ -810,6 +813,20 @@ int ssl_quic_initial_ctx(struct bind_conf *bind_conf)
                cfgerr++;
 #endif
 
+#ifdef USE_ECH
+       if (bind_conf->ssl_conf.ech_filedir) {
+               int loaded = 0;
+
+               if (load_echkeys(ctx, bind_conf->ssl_conf.ech_filedir, &loaded) != 1) {
+                       cfgerr += 1;
+                       ha_alert("Proxy '%s': failed to load ECH key s from %s for '%s' at [%s:%d].\n",
+                                bind_conf->frontend->id, bind_conf->ssl_conf.ech_filedir,
+                                bind_conf->arg, bind_conf->file, bind_conf->line);
+               }
+       }
+#endif
+
+
        return cfgerr;
 }
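Review bot: The alert message on the new `ha_alert` line carries a typo, "failed to load ECH key s from", which will be emitted verbatim into operators' logs; it should read `"Proxy '%s': failed to load ECH keys from %s for '%s' at [%s:%d].\n"`. The `loaded` counter is passed to `load_echkeys()` but never read afterwards, so if the helper can report success while finding no key files in `ech_filedir`, the QUIC listener would come up without ECH and without any diagnostic — worth checking against how the TCP/TLS path treats that counter before backporting. Finally, `cfgerr += 1;` sits a few lines below a context `cfgerr++;`; using the same form, and dropping one of the two blank lines added before `return cfgerr;`, keeps the block consistent with the rest of the function. The body of `ssl_quic_initial_ctx` begins outside this hunk.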