From 14a6468df576bf1b5cc345976ab1f4cc0683e008 Mon Sep 17 00:00:00 2001 From: Amaury Denoyelle Date: Fri, 31 Oct 2025 09:57:54 +0100 Subject: [PATCH] MINOR: quic: reject conf with QUIC servers if not compiled Ensure that QUIC support is compiled into haproxy when a QUIC server is configured. This check is performed during _srv_parse_finalize() so that it is detected both on configuration parsing and when adding a dynamic server via the CLI. Note that this changes the behavior of srv_is_quic() utility function. Previously, it always returned false when QUIC support wasn't compiled. With this new check introduced, it is now guaranteed that a QUIC server won't exist if compilation support is not active. Hence srv_is_quic() does not rely anymore on USE_QUIC define. --- include/haproxy/server.h | 4 ---- src/server.c | 7 +++++-- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/include/haproxy/server.h b/include/haproxy/server.h index cf5c5584c..39f71e05e 100644 --- a/include/haproxy/server.h +++ b/include/haproxy/server.h @@ -383,12 +383,8 @@ static inline struct server *server_find_by_id(struct proxy *bk, int id) static inline int srv_is_quic(const struct server *srv) { -#ifdef USE_QUIC return srv->addr_type.proto_type == PROTO_TYPE_DGRAM && srv->addr_type.xprt_type == PROTO_TYPE_STREAM; -#else - return 0; -#endif } #endif /* _HAPROXY_SERVER_H */ diff --git a/src/server.c b/src/server.c index 26103cf18..02980db72 100644 --- a/src/server.c +++ b/src/server.c @@ -3928,8 +3928,8 @@ static int _srv_parse_finalize(char **args, int cur_arg, } } -#ifdef USE_QUIC if (srv_is_quic(srv)) { +#ifdef USE_QUIC if (!srv->use_ssl) { srv->use_ssl = 1; ha_warning("QUIC protocol detected, enabling ssl. Use 'ssl' to shut this warning.\n"); @@ -3940,8 +3940,11 @@ static int _srv_parse_finalize(char **args, int cur_arg, &srv->ssl_ctx.alpn_len, &errmsg) != 0) { return ERR_ALERT | ERR_FATAL; } - } +#else + ha_alert("QUIC protocol selected but support not compiled in (check build options).\n"); + return ERR_ALERT | ERR_FATAL; #endif + } if (!(srv->proxy->cap & PR_CAP_LB)) { /* No need to wait for effective proxy mode, it is already known: -- 2.47.3