From 85119860abbf38d7ffa462ee70e617dd93172632 Mon Sep 17 00:00:00 2001
From: Frederic Lecaille <flecaille@haproxy.com>
Date: Tue, 4 Nov 2025 08:20:31 +0100
Subject: [PATCH] BUG/MINOR: quic: Missing succesful SSL handshake backend
 trace (OpenSSL 3.5)

This very minor bug impacts only the backend when compiled against OpenSSL 3.5
with QUIC API (HAVE_OPENSSL_QUIC).

The "SSL handshake OK" trace was not dumped.
Modify the concerned code section which is a bit ugly and simplify. The TRACE()
call is done at a unique location for now on.

Should be backported to 3.2 to ease any further backport.
---
 src/quic_ssl.c | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/src/quic_ssl.c b/src/quic_ssl.c
index 4ef228437..4fb377f90 100644
--- a/src/quic_ssl.c
+++ b/src/quic_ssl.c
@@ -943,10 +943,7 @@ int qc_ssl_do_hanshake(struct quic_conn *qc, struct ssl_sock_ctx *ctx)
 		}
 #endif
 
-#ifndef HAVE_OPENSSL_QUIC
-		TRACE_PROTO("SSL handshake OK", QUIC_EV_CONN_IO_CB, qc, &state);
-		ssl_sock_update_counters(ctx->ssl, counters, counters_px, qc_is_back(qc));
-#else
+#ifdef HAVE_OPENSSL_QUIC
 		/* Hack to support O-RTT with the OpenSSL 3.5 QUIC API.
 		 * SSL_do_handshake() succeeds at the first call. Why? |-(
 		 * This prevents the handshake CRYPTO data to be sent.
@@ -962,12 +959,10 @@ int qc_ssl_do_hanshake(struct quic_conn *qc, struct ssl_sock_ctx *ctx)
 				            QUIC_EV_CONN_IO_CB, qc, &state, &ssl_err);
 				goto out;
 			}
-			else {
-				TRACE_PROTO("SSL handshake OK", QUIC_EV_CONN_IO_CB, qc, &state);
-				ssl_sock_update_counters(ctx->ssl, counters, counters_px, qc_is_back(qc));
-			}
 		}
 #endif
+		TRACE_PROTO("SSL handshake OK", QUIC_EV_CONN_IO_CB, qc, &state);
+		ssl_sock_update_counters(ctx->ssl, counters, counters_px, qc_is_back(qc));
 
 		/* Check the alpn could be negotiated */
 		if (!qc_is_back(qc)) {
-- 
2.47.3