MINOR: quic: Support transport parameters draft TLS extension

If we want to run quic-tracker against haproxy, we must at least
support the draft version of the TLS extension for the QUIC transport
parameters (0xffa5). quic-tracker QUIC version is draft-29 at this time.
We select this depending on the QUIC version. If draft, we select the
draft TLS extension.

diff --git a/include/haproxy/quic_tls-t.h b/include/haproxy/quic_tls-t.h
index 8c11a2d..e2f5fb1 100644 (file)
--- a/include/haproxy/quic_tls-t.h
+++ b/include/haproxy/quic_tls-t.h
@@ -37,8 +37,9 @@
 #endif
 #endif
 
-/* The TLS extension (enum) for QUIC transport parameters */
-#define TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS 0x0039
+/* The TLS extensions for QUIC transport parameters */
+#define TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS       0x0039
+#define TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS_DRAFT 0xffa5
 
 /* QUIC handshake states for both clients and servers. */
 enum quic_handshake_state {

diff --git a/include/haproxy/xprt_quic-t.h b/include/haproxy/xprt_quic-t.h
index df4f5b4..be3e8d0 100644 (file)
--- a/include/haproxy/xprt_quic-t.h
+++ b/include/haproxy/xprt_quic-t.h
@@ -608,6 +608,8 @@ struct rxbuf {
 #define QUIC_FL_PKTNS_ACK_REQUIRED  (1UL << QUIC_FL_PKTNS_ACK_REQUIRED_BIT)
 struct quic_conn {
        uint32_t version;
+       /* QUIC transport parameters TLS extension */
+       int tps_tls_ext;
 
        int state;
        unsigned char enc_params[QUIC_TP_MAX_ENCLEN]; /* encoded QUIC transport parameters */

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 6dd0ce6..2df48e0 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2451,10 +2451,10 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
        if (conn->qc) {
                /* Look for the QUIC transport parameters. */
 #ifdef OPENSSL_IS_BORINGSSL
-               if (!SSL_early_callback_ctx_extension_get(ctx, TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS,
+               if (!SSL_early_callback_ctx_extension_get(ctx, con->qc->tps_tls_ext,
                                                          &extension_data, &extension_len))
 #else
-               if (!SSL_client_hello_get0_ext(ssl, TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS,
+               if (!SSL_client_hello_get0_ext(ssl, conn->qc->tps_tls_ext,
                                               &extension_data, &extension_len))
 #endif
                        goto abort;

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index a79e05e..27b67ee 100644 (file)
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -3095,6 +3095,9 @@ static struct quic_conn *qc_new_conn(unsigned int version, int ipv4,
        }
 
        qc->version = version;
+       qc->tps_tls_ext = qc->version & 0xff000000 ?
+               TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS_DRAFT:
+               TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS;
        /* TX part. */
        LIST_INIT(&qc->tx.frms_to_send);
        qc->tx.nb_buf = QUIC_CONN_TX_BUFS_NB;