MINOR: quic: Support transport parameters draft TLS extension
If we want to run quic-tracker against haproxy, we must at least
support the draft version of the TLS extension for the QUIC transport
parameters (0xffa5). quic-tracker QUIC version is draft-29 at this time.
We select this depending on the QUIC version. If draft, we select the
draft TLS extension.
diff --git a/include/haproxy/quic_tls-t.h b/include/haproxy/quic_tls-t.h
index 8c11a2d..e2f5fb1 100644
--- a/include/haproxy/quic_tls-t.h
+++ b/include/haproxy/quic_tls-t.h
@@ -37,8 +37,9 @@
#endif
#endif
-/* The TLS extension (enum) for QUIC transport parameters */
-#define TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS 0x0039
+/* The TLS extensions for QUIC transport parameters */
+#define TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS 0x0039
+#define TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS_DRAFT 0xffa5
/* QUIC handshake states for both clients and servers. */
enum quic_handshake_state {
diff --git a/include/haproxy/xprt_quic-t.h b/include/haproxy/xprt_quic-t.h
index df4f5b4..be3e8d0 100644
--- a/include/haproxy/xprt_quic-t.h
+++ b/include/haproxy/xprt_quic-t.h
@@ -608,6 +608,8 @@
#define QUIC_FL_PKTNS_ACK_REQUIRED (1UL << QUIC_FL_PKTNS_ACK_REQUIRED_BIT)
struct quic_conn {
uint32_t version;
+ /* QUIC transport parameters TLS extension */
+ int tps_tls_ext;
int state;
unsigned char enc_params[QUIC_TP_MAX_ENCLEN]; /* encoded QUIC transport parameters */
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 6dd0ce6..2df48e0 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2451,10 +2451,10 @@
if (conn->qc) {
/* Look for the QUIC transport parameters. */
#ifdef OPENSSL_IS_BORINGSSL
- if (!SSL_early_callback_ctx_extension_get(ctx, TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS,
+ if (!SSL_early_callback_ctx_extension_get(ctx, con->qc->tps_tls_ext,
&extension_data, &extension_len))
#else
- if (!SSL_client_hello_get0_ext(ssl, TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS,
+ if (!SSL_client_hello_get0_ext(ssl, conn->qc->tps_tls_ext,
&extension_data, &extension_len))
#endif
goto abort;
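Review bot: The BoringSSL branch reads `con->qc->tps_tls_ext`, while the enclosing test and the OpenSSL branch both use `conn->qc`. Unless a separate `con` variable is declared outside this hunk, this looks like a typo that only surfaces when building with OPENSSL_IS_BORINGSSL. The line should read `if (!SSL_early_callback_ctx_extension_get(ctx, conn->qc->tps_tls_ext,`. Because this lookup decides whether a ClientHello without transport parameters is aborted, both branches need to query the same per-connection codepoint. The enclosing function starts and ends outside the hunk.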
diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index a79e05e..27b67ee 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -3095,6 +3095,9 @@
}
qc->version = version;
+ qc->tps_tls_ext = qc->version & 0xff000000 ?
+ TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS_DRAFT:
+ TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS;
/* TX part. */
LIST_INIT(&qc->tx.frms_to_send);
qc->tx.nb_buf = QUIC_CONN_TX_BUFS_NB;
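Review bot: The test `qc->version & 0xff000000` selects the draft codepoint for any version whose top byte is non-zero, not only for the IETF draft range 0xff0000xx, and `version` is taken from the peer's packet. If only draft versions are meant, a tighter match such as `(qc->version & 0xffffff00) == 0xff000000 ?` states that directly and keeps every other version on 0x0039. The added parentheses also make the precedence of `&` against `?:` obvious to the reader. Whether the version has already been checked against the supported list before this assignment is not visible here, since the function starts and ends outside the hunk.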