BUG/MINOR: ssl: fix 0-RTT for BoringSSL
Since BoringSSL commit 777a2391 "Hold off flushing NewSessionTicket until write.",
0-RTT doesn't work. It appears that half-RTT data (response from 0-RTT) never
worked before the BoringSSL fix. For HAProxy the regression come from 010941f8
"BUG/MEDIUM: ssl: Use the early_data API the right way.": the problem is link to
the logic of CO_FL_EARLY_SSL_HS used for OpenSSL. With BoringSSL, handshake is
done before reading early data, 0-RTT data and half-RTT data are processed as
normal data: CO_FL_EARLY_SSL_HS/CO_FL_EARLY_DATA is not needed, simply remove
it.
This should be backported to all versions till 1.8.
(cherry picked from commit f967c31e75b087daeb1cc2cdba432df0b170f2f8)
Signed-off-by: Willy Tarreau <w@1wt.eu>
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 3ddacb6..f07cce5 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5248,7 +5248,7 @@
/* leave init state and start handshake */
conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
conn->flags |= CO_FL_EARLY_SSL_HS;
#endif
@@ -5528,10 +5528,6 @@
}
}
-#ifdef OPENSSL_IS_BORINGSSL
- if ((conn->flags & CO_FL_EARLY_SSL_HS) && !SSL_in_early_data(ctx->ssl))
- conn->flags &= ~CO_FL_EARLY_SSL_HS;
-#endif
/* The connection is now established at both layers, it's time to leave */
conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
return 1;
@@ -5780,16 +5776,7 @@
} else
#endif
ret = SSL_read(ctx->ssl, b_tail(buf), try);
-#ifdef OPENSSL_IS_BORINGSSL
- if (conn->flags & CO_FL_EARLY_SSL_HS) {
- if (SSL_in_early_data(ctx->ssl)) {
- if (ret > 0)
- conn->flags |= CO_FL_EARLY_DATA;
- } else {
- conn->flags &= ~(CO_FL_EARLY_SSL_HS);
- }
- }
-#endif
+
if (conn->flags & CO_FL_ERROR) {
/* CO_FL_ERROR may be set by ssl_sock_infocbk */
goto out_error;