From: Frédéric Lécaille
Date: Wed, 10 Nov 2021 08:24:22 +0000 (+0100)
Subject: MINOR: quic: Support transport parameters draft TLS extension
X-Git-Tag: v2.5-dev15~18
X-Git-Url: http://git.haproxy.org/?a=commitdiff_plain;h=a956d151183e412c049b40d11ea384fb9f2fc9b4;p=haproxy-2.5.git
MINOR: quic: Support transport parameters draft TLS extension
If we want to run quic-tracker against haproxy, we must at least support the draft version of the TLS extension for the QUIC transport parameters (0xffa5). quic-tracker QUIC version is draft-29 at this time. We select this depending on the QUIC version. If draft, we select the draft TLS extension.
---
diff --git a/include/haproxy/quic_tls-t.h b/include/haproxy/quic_tls-t.h
index 8c11a2d..e2f5fb1 100644
--- a/include/haproxy/quic_tls-t.h
+++ b/include/haproxy/quic_tls-t.h
@@ -37,8 +37,9 @@
 #endif
 #endif
-/* The TLS extension (enum) for QUIC transport parameters */
-#define TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS 0x0039
+/* The TLS extensions for QUIC transport parameters */
+#define TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS 0x0039
+#define TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS_DRAFT 0xffa5
 /* QUIC handshake states for both clients and servers. */
 enum quic_handshake_state {
diff --git a/include/haproxy/xprt_quic-t.h b/include/haproxy/xprt_quic-t.h
index df4f5b4..be3e8d0 100644
--- a/include/haproxy/xprt_quic-t.h
+++ b/include/haproxy/xprt_quic-t.h
@@ -608,6 +608,8 @@ struct rxbuf {
 #define QUIC_FL_PKTNS_ACK_REQUIRED (1UL << QUIC_FL_PKTNS_ACK_REQUIRED_BIT)
 struct quic_conn {
 uint32_t version;
+ /* QUIC transport parameters TLS extension */
+ int tps_tls_ext;
 int state;
 unsigned char enc_params[QUIC_TP_MAX_ENCLEN]; /* encoded QUIC transport parameters */
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 6dd0ce6..2df48e0 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
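Review bot: The shared comment on the two new defines in quic_tls-t.h does not say which codepoint is which, and a maintainer who later retires the draft value needs that to know what can be removed. 0x0039 (57) is the IANA-assigned `quic_transport_parameters` extension type of RFC 9001, while 0xffa5 is the provisional codepoint the draft-ietf-quic-tls series used before assignment (draft-29 per the commit message). Suggest `/* quic_transport_parameters (57), RFC 9001 section 8.2 */` on the first define and `/* provisional codepoint of draft-ietf-quic-tls, used for 0xff0000xx draft versions */` on the second.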
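Review bot: The comment on the new `tps_tls_ext` field in struct quic_conn is too vague to tell a reader what the value is: it holds a TLS extension type codepoint, not the parameters themselves, and only two values are ever stored in it. Suggest `/* TLS extension type carrying the QUIC transport parameters: TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS, or the _DRAFT codepoint for draft QUIC versions; set from ->version at connection creation */`. As an extension type it is an unsigned 16-bit quantity on the wire, so `unsigned int` would match the OpenSSL/BoringSSL parameter types more closely than `int`, but that is cosmetic here. The struct continues outside the hunk.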
@@ -2451,10 +2451,10 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
 if (conn->qc) {
 /* Look for the QUIC transport parameters. */
 #ifdef OPENSSL_IS_BORINGSSL
- if (!SSL_early_callback_ctx_extension_get(ctx, TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS,
+ if (!SSL_early_callback_ctx_extension_get(ctx, con->qc->tps_tls_ext,
 &extension_data, &extension_len))
 #else
- if (!SSL_client_hello_get0_ext(ssl, TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS,
+ if (!SSL_client_hello_get0_ext(ssl, conn->qc->tps_tls_ext,
 &extension_data, &extension_len))
 #endif
 goto abort;
diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index a79e05e..27b67ee 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -3095,6 +3095,9 @@ static struct quic_conn *qc_new_conn(unsigned int version, int ipv4,
 }
 qc->version = version;
+ qc->tps_tls_ext = qc->version & 0xff000000 ?
+ TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS_DRAFT:
+ TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS;
 /* TX part. */
 LIST_INIT(&qc->tx.frms_to_send);
 qc->tx.nb_buf = QUIC_CONN_TX_BUFS_NB;
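Review bot: The BoringSSL branch of the new code in ssl_sock_switchctx_cbk dereferences `con->qc->tps_tls_ext`, but the variable in scope is `conn` (used by the enclosing `if (conn->qc)` and by the OpenSSL branch two lines below); this only compiles because OPENSSL_IS_BORINGSSL is not defined in the build that was tested, and it breaks the BoringSSL build outright. The added line should read `if (!SSL_early_callback_ctx_extension_get(ctx, conn->qc->tps_tls_ext,`. A build of both `#ifdef` arms, or at least a compile test with the BoringSSL flag, would have caught this. ssl_sock_switchctx_cbk starts and ends outside the hunk.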
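Review bot: The added selection `qc->version & 0xff000000 ? ... : ...` in qc_new_conn is correct only because `&` binds tighter than `?:`, which is easy to misread, and it treats any version with a non-zero top byte as "draft" rather than only the 0xff0000xx draft-NN numbers; whether a version outside the supported set can reach this point is not visible here and presumably depends on a check done by the caller. Suggest making the intent explicit with `/* Draft versions (0xff0000xx) expect the pre-RFC 9001 extension codepoint. */` and `qc->tps_tls_ext = (qc->version & 0xff000000) ? TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS_DRAFT : TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS;`. If the version is not validated before qc_new_conn, a `default:`-style rejection of unknown versions belongs here as well. qc_new_conn starts and ends outside the hunk.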