RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-04-23 15:35:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MEDIUM: quic: keylog callback not called (USE_OPENSSL_COMPAT)

Browse Source 
This bug impacts only the QUIC OpenSSL compatibility module (USE_QUIC_OPENSSL_COMPAT)
and it was introduced by this commit:

    BUG/MINOR: quic: Wrong keylog callback setting.

quic_tls_compat_keylog_callback() callback was no more set when the SSL keylog was
enabled by tune.ssl.keylog setting. This is the callback which sets the TLS secrets
into haproxy.

Set it again when the SSL keylog is not enabled by configuration.

Thank you to @Greg57070 for having reported this issue in GH #2412.

Must be backported as far as 2.8.
This commit is contained in:
Frederic Lecaille 2024-01-16 10:17:27 +01:00
parent 7021a8c4d8
commit 0eaf42a2a4
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/quic_openssl_compat.c
View File

@ -61,6 +61,12 @@ int quic_tls_compat_init(struct bind_conf *bind_conf, SSL_CTX *ctx)
if (bind_conf->xprt != xprt_get(XPRT_QUIC))
return 1;
/* This callback is already registered if the TLS keylog is activated for
* traffic decryption analysis.
*/
if (!global_ssl.keylog)
SSL_CTX_set_keylog_callback(ctx, quic_tls_compat_keylog_callback);
if (SSL_CTX_has_client_custom_ext(ctx, QUIC_OPENSSL_COMPAT_SSL_TP_EXT))
return 1;