From: Olivier Houchard Date: Wed, 20 May 2026 11:05:05 +0000 (+0200) Subject: BUG/MEDIUM: servers: Don't forget to set srv_hash when needed X-Git-Tag: v3.4-dev13~11 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=05e65489cbc6a9b58b6f66ba47731ceab38fb815;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: servers: Don't forget to set srv_hash when needed Commit 8aa854ab26a7daa613a17548f1fe1d0adb8cf61b made it so we'd store the hash corresponding to the server parameters, so that we could detect if we're still talking to the same server, and not use those parameters if not. However, when updating those parameters, we forgot to store the new hash, which would result in the new parameters never be used, and breakling 0RTT. Fix that by properly update the hash when needed. This should be backported when 8aa854ab26a7daa613a17548f1fe1d0adb8cf61b is backported. --- diff --git a/src/ssl_sock.c b/src/ssl_sock.c index b74ee1952..ee6ddfd84 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -4295,6 +4295,7 @@ static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess) memcpy(&s->path_params.nego_alpn, alpn, len); s->path_params.nego_alpn[len] = 0; /* The transport parameters are not stored without ALPN */ + s->path_params.srv_hash = conn->hash_node.key; qc_early_transport_params_cpy(qc, etps, &qc->tx.params); HA_RWLOCK_WRUNLOCK(SERVER_LOCK, &s->path_params.param_lock); } @@ -6928,6 +6929,7 @@ struct task *ssl_sock_io_cb(struct task *t, void *context, unsigned int state) HA_RWLOCK_WRLOCK(SERVER_LOCK, &srv->path_params.param_lock); memcpy(&srv->path_params.nego_alpn, alpn, len); srv->path_params.nego_alpn[len] = 0; + srv->path_params.srv_hash = conn->hash_node.key; HA_RWLOCK_WRUNLOCK(SERVER_LOCK, &srv->path_params.param_lock); } }