RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-03-06 03:18:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

MINOR: quic: Immediately close if no transport parameters extension found

Browse Source 
If the ClientHello callback does not manage to find a correct QUIC transport
parameters extension, we immediately close the connection with
missing_extension(109) as TLS alert which is turned into 0x16d QUIC connection
error.
This commit is contained in:
Frédéric Lécaille 2021-11-22 15:55:16 +01:00
parent 1fc5e16c4c
commit b5b5247b18
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/ssl_sock.c
View File

@ -2463,7 +2463,15 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
if (!SSL_client_hello_get0_ext(ssl, conn->qc->tps_tls_ext,
&extension_data, &extension_len))
#endif
goto abort;
{
/* This is not redundant. It we only return 0 without setting
* <*al>, this has as side effect to generate another TLS alert
* which would be set after calling quic_set_tls_alert().
*/
*al = SSL_AD_MISSING_EXTENSION;
quic_set_tls_alert(conn->qc, SSL_AD_MISSING_EXTENSION);
return 0;
}
if (!quic_transport_params_store(conn->qc, 0, extension_data,
extension_data + extension_len))