MINOR: quic+openssl_compat: Do not start without "limited-quic"

Add a check for limited-quic in check_config_validity() when compiled with USE_QUIC_OPENSSL_COMPAT so that we prevent a config from starting accidentally with limited QUIC support. If a QUIC listener is found when using the compatibility mode and limited-quic is not set, an error message is reported explaining that the SSL library is not compatible and proposing the user to enable limited-quic if that's what they want, and the startup fails. This partially reverts commit 7c730803d ("MINOR: quic: Warning for OpenSSL wrapper QUIC bindings without "limited-quic"") since a warning was not sufficient.
2025-02-16 10:36:55 +00:00 · 2023-08-17 10:15:09 +02:00 · 2023-08-17 10:15:09 +02:00 · 0e13325f23
commit 0e13325f23
parent cd97ba147c
2 changed files with 15 additions and 13 deletions
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@ -4284,6 +4284,7 @@ init_proxies_list_stage2:
 		}

 		/* adjust this proxy's listeners */
+		bind_conf = NULL;
 		next_id = 1;
 		list_for_each_entry(listener, &curproxy->conf.listeners, by_fe) {
 			if (!listener->luid) {
@ -4312,6 +4313,20 @@ init_proxies_list_stage2:
 						cfgerr++;
 					}
 				}
+# ifdef USE_QUIC_OPENSSL_COMPAT
+				/* store the last checked bind_conf in bind_conf */
+				if (!(global.tune.options & GTUNE_NO_QUIC) &&
+				    !(global.tune.options & GTUNE_LIMITED_QUIC) &&
+				    listener->bind_conf != bind_conf) {
+					bind_conf = listener->bind_conf;
+					ha_alert("Binding [%s:%d] for %s %s: this SSL library does not support the "
+						 "QUIC protocol. A limited compatibility layer may be enabled using "
+						 "the \"limited-quic\" global option if desired.\n",
+						 listener->bind_conf->file, listener->bind_conf->line,
+						 proxy_type_str(curproxy), curproxy->id);
+					cfgerr++;
+				}
+# endif

 				li_init_per_thr(listener);
 			}
--- a/src/protocol.c
+++ b/src/protocol.c
@ -120,21 +120,8 @@ int protocol_supports_flag(struct protocol *proto, uint flag)
 */
 static inline int protocol_may_bind_quic(struct listener *l)
 {
-#ifdef USE_QUIC_OPENSSL_COMPAT
-	struct proxy *px = l->bind_conf->frontend;
-
-#endif
 	if (global.tune.options & GTUNE_NO_QUIC)
 		return 0;
-#ifdef USE_QUIC_OPENSSL_COMPAT
-	if (!(global.tune.options & GTUNE_LIMITED_QUIC)) {
-		ha_warning("Binding [%s:%d] for %s %s: receiving socket not bound"
-		           " (\"limited-quic\" global option is not set)\n",
-		           l->bind_conf->file, l->bind_conf->line,
-		           proxy_type_str(px), px->id);
-		return 0;
-	}
-#endif
 	return 1;
 }
 #endif