MINOR: ssl: SSL CTX initialization modifications for QUIC.
Makes TLS/TCP and QUIC share the same CTX initializer so that the caller,
which is an XPRT callback used both by the QUIC xprt and the SSL xprt over
TCP, does not have to be modified.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 5e0a7d4..abcca65 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -78,6 +78,7 @@
#include <haproxy/time.h>
#include <haproxy/tools.h>
#include <haproxy/vars.h>
+#include <haproxy/xprt_quic.h>
/* ***** READ THIS before adding code here! *****
@@ -4643,6 +4644,26 @@
return cfgerr;
}
+/*
+ * Create an initial CTX used to start the SSL connections.
+ * May be used by QUIC xprt which makes usage of SSL sessions initialized from SSL_CTXs.
+ * Returns 0 if succeeded, or something >0 if not.
+ */
+#ifdef USE_QUIC
+static int ssl_initial_ctx(struct bind_conf *bind_conf)
+{
+ if (bind_conf->xprt == xprt_get(XPRT_QUIC))
+ return ssl_quic_initial_ctx(bind_conf);
+ else
+ return ssl_sock_initial_ctx(bind_conf);
+}
+#else
+static int ssl_initial_ctx(struct bind_conf *bind_conf)
+{
+ return ssl_sock_initial_ctx(bind_conf);
+}
+#endif
+
/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
* be NULL, in which case nothing is done. Returns the number of errors
* encountered.
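Review bot: The header comment on ssl_initial_ctx() promises "0 if succeeded, or something >0 if not", but the wrapper only forwards whatever ssl_quic_initial_ctx() or ssl_sock_initial_ctx() returns, and neither contract is visible in this diff. The caller accumulates the result with `err +=`, so a negative return from either initializer would cancel out earlier errors instead of reporting one. I would state the requirement in the comment, e.g. `* Both underlying initializers must return 0 on success and >0 on error, since the caller sums the result into its error count.` As a style point, the two `#ifdef USE_QUIC` branches duplicate the whole definition; a single function with only the QUIC test under the `#ifdef` would keep one signature to maintain.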
@@ -4665,10 +4686,10 @@
}
/* Create initial_ctx used to start the ssl connection before do switchctx */
if (!bind_conf->initial_ctx) {
- err += ssl_sock_initial_ctx(bind_conf);
+ err += ssl_initial_ctx(bind_conf);
/* It should not be necessary to call this function, but it's
necessary first to check and move all initialisation related
- to initial_ctx in ssl_sock_initial_ctx. */
+ to initial_ctx in ssl_initial_ctx. */
errcode |= ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx, &errmsg);
}
if (bind_conf->default_ctx)
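Review bot: `ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx, &errmsg)` still runs unconditionally after `err += ssl_initial_ctx(bind_conf);`, so a failed initializer (now either the TCP or the QUIC one) may hand it a NULL or half-built `initial_ctx`. Whether ssl_sock_prepare_ctx() tolerates that is not visible here. Gating the call on the result would make the failure path explicit: `ret = ssl_initial_ctx(bind_conf); err += ret;` followed by `if (!ret) errcode |= ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx, &errmsg);`. It is also worth confirming that this TCP-oriented prepare step does not relax anything the QUIC initializer set on the CTX, such as the TLS 1.3 minimum version QUIC requires. The enclosing function starts and ends outside this hunk.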