From: Frederic Lecaille <flecaille@haproxy.com>
Date: Tue, 4 Nov 2025 07:20:31 +0000 (+0100)
Subject: CLEANUP: quic: Missing succesful SSL handshake backend trace (OpenSSL 3.5)
X-Git-Tag: v3.3-dev13~3
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=644bf585c3914ea33bfa116c8caf9d58d0447942;p=thirdparty%2Fhaproxy.git

CLEANUP: quic: Missing succesful SSL handshake backend trace (OpenSSL 3.5)

This very minor issue impacts only the backend when compiled against OpenSSL 3.5
with QUIC API (HAVE_OPENSSL_QUIC).

The "SSL handshake OK" trace was not dumped by a TRACE() call. This was very
annoying when debugging.

Modify the concerned code section which is a bit ugly and simplify it.
The TRACE() call is done at a unique location for now on.

Should be backported to 3.2 to ease any further backport.
---

diff --git a/src/quic_ssl.c b/src/quic_ssl.c
index 6031cadab..22f0d04ab 100644
--- a/src/quic_ssl.c
+++ b/src/quic_ssl.c
@@ -968,10 +968,7 @@ int qc_ssl_do_hanshake(struct quic_conn *qc, struct ssl_sock_ctx *ctx)
 		}
 #endif
 
-#ifndef HAVE_OPENSSL_QUIC
-		TRACE_PROTO("SSL handshake OK", QUIC_EV_CONN_IO_CB, qc, &state);
-		ssl_sock_update_counters(ctx->ssl, counters, counters_px, qc_is_back(qc));
-#else
+#ifdef HAVE_OPENSSL_QUIC
 		/* Hack to support O-RTT with the OpenSSL 3.5 QUIC API.
 		 * SSL_do_handshake() succeeds at the first call. Why? |-(
 		 * This prevents the handshake CRYPTO data to be sent.
@@ -987,12 +984,10 @@ int qc_ssl_do_hanshake(struct quic_conn *qc, struct ssl_sock_ctx *ctx)
 				            QUIC_EV_CONN_IO_CB, qc, &state, &ssl_err);
 				goto out;
 			}
-			else {
-				TRACE_PROTO("SSL handshake OK", QUIC_EV_CONN_IO_CB, qc, &state);
-				ssl_sock_update_counters(ctx->ssl, counters, counters_px, qc_is_back(qc));
-			}
 		}
 #endif
+		TRACE_PROTO("SSL handshake OK", QUIC_EV_CONN_IO_CB, qc, &state);
+		ssl_sock_update_counters(ctx->ssl, counters, counters_px, qc_is_back(qc));
 
 		/* Check the alpn could be negotiated */
 		if (!qc_is_back(qc)) {