MINOR: quic: Implement qc_ssl_eary_data_accepted().

This function is a wrapper around SSL_get_early_data_status() for OpenSSL derived stack and SSL_early_data_accepted() boringSSL derived stacks like AWS-LC. It returns true for a TLS server if it has accepted the early data received from a client. Also implement quic_ssl_early_data_status_str() which is dedicated to be used for debugging purposes (traces). This function converts the enum returned by the two function mentionned above to a human readable string.
2025-02-20 04:37:04 +00:00 · 2024-08-30 15:16:01 +02:00 · 2024-08-30 15:16:01 +02:00 · 609b124561
commit 609b124561
parent e926378375
1 changed files with 39 additions and 0 deletions
--- a/include/haproxy/quic_ssl.h
+++ b/include/haproxy/quic_ssl.h
@ -47,5 +47,44 @@ static inline void qc_free_ssl_sock_ctx(struct ssl_sock_ctx **ctx)
 	*ctx = NULL;
 }

+#if defined(HAVE_SSL_0RTT_QUIC)
+static inline int qc_ssl_eary_data_accepted(const SSL *ssl)
+{
+#if defined(OPENSSL_IS_AWSLC)
+	return SSL_early_data_accepted(ssl);
+#else
+	return SSL_get_early_data_status(ssl) == SSL_EARLY_DATA_ACCEPTED;
+#endif
+}
+
+static inline const char *quic_ssl_early_data_status_str(const SSL *ssl)
+{
+#if defined(OPENSSL_IS_AWSLC)
+	if (SSL_early_data_accepted(ssl))
+		return "ACCEPTED";
+	else
+		return "UNKNOWN";
+#else
+	int early_data_status = SSL_get_early_data_status(ssl);
+
+	switch (early_data_status) {
+	case SSL_EARLY_DATA_ACCEPTED:
+		return "ACCEPTED";
+	case SSL_EARLY_DATA_REJECTED:
+		return "REJECTED";
+	case SSL_EARLY_DATA_NOT_SENT:
+		return "NOT_SENT";
+	default:
+		return "UNKNOWN";
+	}
+#endif
+}
+#else
+static inline const char *quic_ssl_early_data_status_str(const SSL *ssl)
+{
+	return "NOT_SUPPORTED";
+}
+#endif
+
 #endif /* USE_QUIC */
 #endif /* _HAPROXY_QUIC_SSL_H */