From d12971dfea8e4eefe831dde2b7fc6134dff292d1 Mon Sep 17 00:00:00 2001 From: Amaury Denoyelle Date: Thu, 30 Oct 2025 11:08:21 +0100 Subject: [PATCH] MINOR: check: delay MUX init when SSL ALPN is used When instantiating a new connection for check, its MUX may be initialized early. This was not performed though if SSL ALPN negotiation will be used, except if check MUX is already fixed. However, this method of initialization is problematic when QUIC MUX is used. Indeed, this multiplexer must only be instantiated after the above application protocol is known, which is derived from the ALPN negotiation. If this is not the case a crash will occur in qmux_init(). In fact, a similar problem was already encountered for normal traffic. Thus, a change was performed in connect_server() : MUX early initialization is now always skipped if SSL ALPN negotiation is active, even if MUX is already fixed. This patch introduces a similar change for checks. Without this patch, it is not possible to perform check on QUIC servers as expected. Indeed, when http-check ruleset is active a crash would occur prior to it. --- src/tcpcheck.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/tcpcheck.c b/src/tcpcheck.c index 0e7930dfc..5be4a12ea 100644 --- a/src/tcpcheck.c +++ b/src/tcpcheck.c @@ -1508,12 +1508,10 @@ enum tcpcheck_eval_ret tcpcheck_eval_connect(struct check *check, struct tcpchec goto fail_check; } - /* The mux may be initialized now if there isn't server attached to the - * check (email alerts) or if there is a mux proto specified or if there - * is no alpn. + /* MUX may be initialized now if there isn't server attached to the + * check (email alerts) or if it does not rely on SSL ALPN negotiation. */ - if (!s || ((connect->options & TCPCHK_OPT_DEFAULT_CONNECT) && check->mux_proto) || - connect->mux_proto || + if (!s || (!conn_is_ssl(conn) || (!connect->alpn && !check->alpn_str && !s->ssl_ctx.alpn_str))) { const struct mux_ops *mux_ops; -- 2.47.3