From 609b1245610c8f3e219a1eff12d13559cae109cd Mon Sep 17 00:00:00 2001
From: Frederic Lecaille
Date: Fri, 30 Aug 2024 15:16:01 +0200
Subject: [PATCH] MINOR: quic: Implement qc_ssl_eary_data_accepted(). This function is a wrapper around SSL_get_early_data_status() for OpenSSL derived stack and SSL_early_data_accepted() boringSSL derived stacks like AWS-LC. It returns true for a TLS server if it has accepted the early data received from a client. Also implement quic_ssl_early_data_status_str() which is dedicated to be used for debugging purposes (traces). This function converts the enum returned by the two function mentionned above to a human readable string.
---
 include/haproxy/quic_ssl.h | 39 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
diff --git a/include/haproxy/quic_ssl.h b/include/haproxy/quic_ssl.h
index a84f5fffc..a5bcb4fb4 100644
--- a/include/haproxy/quic_ssl.h
+++ b/include/haproxy/quic_ssl.h
@@ -47,5 +47,44 @@ static inline void qc_free_ssl_sock_ctx(struct ssl_sock_ctx **ctx)
 *ctx = NULL;
 }
 
+#if defined(HAVE_SSL_0RTT_QUIC)
+static inline int qc_ssl_eary_data_accepted(const SSL *ssl)
+{
+#if defined(OPENSSL_IS_AWSLC)
+ return SSL_early_data_accepted(ssl);
+#else
+ return SSL_get_early_data_status(ssl) == SSL_EARLY_DATA_ACCEPTED;
+#endif
+}
+
+static inline const char *quic_ssl_early_data_status_str(const SSL *ssl)
+{
+#if defined(OPENSSL_IS_AWSLC)
+ if (SSL_early_data_accepted(ssl))
+ return "ACCEPTED";
+ else
+ return "UNKNOWN";
+#else
+ int early_data_status = SSL_get_early_data_status(ssl);
+
+ switch (early_data_status) {
+ case SSL_EARLY_DATA_ACCEPTED:
+ return "ACCEPTED";
+ case SSL_EARLY_DATA_REJECTED:
+ return "REJECTED";
+ case SSL_EARLY_DATA_NOT_SENT:
+ return "NOT_SENT";
+ default:
+ return "UNKNOWN";
+ }
+#endif
+}
+#else
+static inline const char *quic_ssl_early_data_status_str(const SSL *ssl)
+{
+ return "NOT_SUPPORTED";
+}
+#endif
+
 #endif /* USE_QUIC */
 #endif /* _HAPROXY_QUIC_SSL_H */
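Review bot: `qc_ssl_eary_data_accepted()` exists only under `HAVE_SSL_0RTT_QUIC`, while `quic_ssl_early_data_status_str()` gets a `NOT_SUPPORTED` fallback in the outer `#else`, so every caller of the predicate must carry its own `#if` around the decision that gates replayable 0-RTT data. A stub in that `#else` branch that fails closed, `static inline int qc_ssl_eary_data_accepted(const SSL *ssl) { return 0; }`, would keep that decision in one place. The identifier is also misspelt (`eary` for `early`), which is cheapest to correct before callers are added. On the `OPENSSL_IS_AWSLC` branch the string helper returns `"UNKNOWN"` for every non-accepted state, so traces cannot tell a rejected 0-RTT attempt from one that was never sent; BoringSSL-derived stacks expose `SSL_get_early_data_reason()`, which looks usable here if AWS-LC builds provide it. Both helpers would benefit from a short comment such as `/* Returns non-zero if the TLS stack accepted the peer's early data; 0 otherwise. */`.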