git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
WIP/BUG/MINOR: quic: backend SSL session reuse fix (HAVE_OPENSSL_QUIC)
author Frederic Lecaille <flecaille@haproxy.com>
Tue, 4 Nov 2025 09:06:13 +0000 (10:06 +0100)
committer Frederic Lecaille <flecaille@haproxy.com>
Tue, 4 Nov 2025 09:23:56 +0000 (10:23 +0100)
This bug impacts only the QUIC backends when haproxy is compiled against
OpenSSL 3.5 with the QUIC API (HAVE_OPENSSL_QUIC).

The QUIC clients could not reuse their SSL session because the TLS tickets
received from the servers could not be provided to the TLS stack. This should
be done when the stack calls ha_quic_ossl_crypto_recv_rcd()
(OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_RECV_RCD callback).

According to OpenSSL team, an SSL_read() call must be done after the handshake
completion. It seems the correct location is at the same level as for
SSL_process_quic_post_handshake() for quictls.

Thank you to @mattcaswell, @Sashan and @vdukhovni for having helped in solving
this issue.

Must be backported to 3.1

src/quic_ssl.c

index 4fb377f90dd3a1434eac5c8199b6b5d80fe9400a..6a15d542466c185f5b716e0f82eae92d583218f6 100644 (file)
@@ -1046,6 +1046,14 @@ int qc_ssl_do_hanshake(struct quic_conn *qc, struct ssl_sock_ctx *ctx)
 
                TRACE_STATE("SSL post handshake succeeded", QUIC_EV_CONN_IO_CB, qc, &state);
        }
+#else
+       else {
+               /*
+                * poke to SSL state engine to give TLS record layer chance to handle
+                * session ticket.
+                */
+               SSL_read(ctx->ssl, NULL, 0);
+       }
 #endif
 
  out:
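Review bot: the return value of `SSL_read(ctx->ssl, NULL, 0)` in the new `#else` branch is discarded, so a fatal TLS error raised while the record layer consumes the post-handshake data (anything other than SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE from SSL_get_error()) is silently swallowed and the connection continues as if the poke had succeeded. Suggest capturing the result, e.g. `ret = SSL_read(ctx->ssl, NULL, 0);` followed by `if (ret <= 0 && SSL_get_error(ctx->ssl, ret) != SSL_ERROR_WANT_READ)` and a trace on the failure, so this branch reports its outcome the way the quictls branch just above traces "SSL post handshake succeeded". The comment would also read better as "Poke the SSL state machine to give the TLS record layer a chance to handle the session ticket."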