BUG/MEDIUM: ssl: 0-RTT initialized at the wrong place for AWS-LC

Revert patch fcc8255 "MINOR: ssl_sock: Early data disabled during
SSL_CTX switching (aws-lc)". The patch was done in the wrong callback
which is never built for AWS-LC, and applies options on the SSL_CTX
instead of the SSL, which should never be done elsewhere than in the
configuration parsing.

This was probably triggered by successfully linking haproxy against
AWS-LC without using USE_OPENSSL_AWSLC.

The patch also reintroduced SSL_CTX_set_early_data_enabled() in the
ssl_quic_initial_ctx() and ssl_sock_initial_ctx(). So the initial_ctx
does have the right setting, but it still needs to be applied to the
selected SSL_CTX in the clienthello, because we need it on the selected
SSL_CTX.

Must be backported to 3.0. (ssl_clienthello.c part was in ssl_sock.c)

(cherry picked from commit 1889b86561ee67696760111c6df5759c628430dc)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

diff --git a/src/quic_ssl.c b/src/quic_ssl.c
index 66eb68e..483fc80 100644 (file)
--- a/src/quic_ssl.c
+++ b/src/quic_ssl.c
@@ -452,6 +452,8 @@ int ssl_quic_initial_ctx(struct bind_conf *bind_conf)
 #if !defined(HAVE_SSL_0RTT_QUIC)
                ha_warning("Binding [%s:%d] for %s %s: 0-RTT with QUIC is not supported by this SSL library, ignored.\n",
                           bind_conf->file, bind_conf->line, proxy_type_str(bind_conf->frontend), bind_conf->frontend->id);
+#elif defined(OPENSSL_IS_BORINGSSL) || defined(USE_OPENSSL_AWSLC)
+               SSL_CTX_set_early_data_enabled(ctx, 1);
 #else
                SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
                SSL_CTX_set_max_early_data(ctx, 0xffffffff);

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 3e49cea..e2e9af4 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2505,14 +2505,7 @@ sni_lookup:
                return SSL_TLSEXT_ERR_ALERT_FATAL;
        }
 
-#if defined(OPENSSL_IS_AWSLC)
-       /* Note that ssl_sock_switchctx_set() calls SSL_set_SSL_CTX() which propagates the
-        * "early data enabled" setting from the SSL_CTX object to the SSL objects.
-        * So enable early data for this SSL_CTX context if configured.
-        */
-       if (s->ssl_conf.early_data)
-               SSL_CTX_set_early_data_enabled(container_of(node, struct sni_ctx, name)->ctx, 1);
-#endif
+
        /* switch ctx */
        ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
        HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
@@ -4097,6 +4090,8 @@ ssl_sock_initial_ctx(struct bind_conf *bind_conf)
 # ifdef OPENSSL_IS_BORINGSSL
        SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
        SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
+       if (bind_conf->ssl_conf.early_data)
+               SSL_CTX_set_early_data_enabled(ctx, 1);
 # elif defined(HAVE_SSL_CLIENT_HELLO_CB)
 #  if defined(SSL_OP_NO_ANTI_REPLAY)
        if (bind_conf->ssl_conf.early_data)