From 1494cd71379b556ef9fa37f487d0083f33b2e2d0 Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.com>
Date: Fri, 19 Apr 2024 14:18:32 +0200
Subject: [PATCH] MAJOR: ssl: use the msg callback mecanism for backend
 connections

Backend SSL connections never used the ssl_sock_msg_callbacks() which
prevent the use of keylog on the server side.

The impact should be minimum, though it add a major callback system for
protocol analysis, which is the same used on frontend connections.

https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_msg_callback.html

The patch add a call to SSL_CTX_set_msg_callback() in
ssl_sock_prepare_srv_ssl_ctx() the same way it's done for bind lines in
ssl_sock_prepare_ctx().
---
 src/ssl_sock.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index c44c9e7e3..e629ca2d8 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5144,6 +5144,9 @@ static int ssl_sock_prepare_srv_ssl_ctx(const struct server *srv, SSL_CTX *ctx)
 		cfgerr++;
 	}
 
+#ifdef SSL_CTRL_SET_MSG_CALLBACK
+	SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
+#endif
 #ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
 	if (srv->ssl_ctx.ciphersuites &&
 		!SSL_CTX_set_ciphersuites(ctx, srv->ssl_ctx.ciphersuites)) {