MINOR: ssl: Handle sending early data to server. This adds a new keyword on the "server" line, "allow-0rtt", if set, we'll try to send early data to the server, as long as the client sent early data, as in case the server rejects the early data, we no longer have them, and can't resend them, so the only option we have is to send back a 425, and we need to be sure the client knows how to interpret it correctly.

commit: 522eea71106ad9486a3c01a0e5fd8b6d88a42693 [log] [tgz]
author: Olivier Houchard <ohouchard@haproxy.com> Fri Nov 03 16:27:47 2017 +0100
committer: Willy Tarreau <w@1wt.eu> Wed Nov 08 14:11:10 2017 +0100
tree: f80739e280a736fb5d5427315b3df79f18cda1d7
parent: cfdef2e3123306a2d671ebc5fd05596295aa2b88 [diff]
diff --git a/include/types/connection.h b/include/types/connection.h
index beb0b71..eb67455 100644
--- a/include/types/connection.h
+++ b/include/types/connection.h

@@ -226,6 +226,7 @@
 	CO_ER_SSL_HANDSHAKE_HB, /* SSL error during handshake with heartbeat present */
 	CO_ER_SSL_KILLED_HB,    /* Stopped a TLSv1 heartbeat attack (CVE-2014-0160) */
 	CO_ER_SSL_NO_TARGET,    /* unknown target (not client nor server) */
+	CO_ER_SSL_EARLY_FAILED, /* Server refused early data */
 };
 
 /* source address settings for outgoing connections */

diff --git a/include/types/server.h b/include/types/server.h
index 4a31934..76225f7 100644
--- a/include/types/server.h
+++ b/include/types/server.h

@@ -167,6 +167,7 @@
 #define SRV_SSL_O_NONE         0x0000
 #define SRV_SSL_O_NO_TLS_TICKETS 0x0100 /* disable session resumption tickets */
 #define SRV_SSL_O_NO_REUSE     0x200  /* disable session reuse */
+#define SRV_SSL_O_EARLY_DATA   0x400  /* Allow using early data */
 #endif
 
 struct pid_list {
commit	522eea71106ad9486a3c01a0e5fd8b6d88a42693	[log] [tgz]
author	Olivier Houchard <ohouchard@haproxy.com>	Fri Nov 03 16:27:47 2017 +0100
committer	Willy Tarreau <w@1wt.eu>	Wed Nov 08 14:11:10 2017 +0100
tree	f80739e280a736fb5d5427315b3df79f18cda1d7
parent	cfdef2e3123306a2d671ebc5fd05596295aa2b88 [diff]