From 0de4bd402ff29712985649384ba47005e4d2b057 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= Date: Thu, 21 Dec 2023 14:14:22 +0100 Subject: [PATCH] BUG/MINOR: quic: Wrong keylog callback setting. This bug impacts only the QUIC OpenSSL compatibility module (USE_QUIC_OPENSSL_COMPAT). To make this module work, the quic_tls_compat_keylog_callback() function must be set as keylog callback, or at least be called by another keylog callback. This is what SSL_CTX_keylog() was supposed to do. In addition to exporting the TLS secrets via sample fetches, the latter also calls quic_tls_compat_keylog_callback() when compiled with USE_QUIC_OPENSSL_COMPAT defined. Before this patch, SSL_CTX_keylog() was replaced by quic_tls_compat_keylog_callback() and the TLS secrets were no longer exported by sample fetches. Must be backported to 2.8. (cherry picked from commit b26f6fb0cb358ef1df15e21151906e4c2e9f4364) Signed-off-by: Christopher Faulet --- src/quic_openssl_compat.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/quic_openssl_compat.c b/src/quic_openssl_compat.c index 3760bbc..efd9b15 100644 --- a/src/quic_openssl_compat.c +++ b/src/quic_openssl_compat.c @@ -61,7 +61,6 @@ int quic_tls_compat_init(struct bind_conf *bind_conf, SSL_CTX *ctx) if (bind_conf->xprt != xprt_get(XPRT_QUIC)) return 1; - SSL_CTX_set_keylog_callback(ctx, quic_tls_compat_keylog_callback); if (SSL_CTX_has_client_custom_ext(ctx, QUIC_OPENSSL_COMPAT_SSL_TP_EXT)) return 1; -- 1.7.10.4
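Review bot: After the removal in quic_tls_compat_init(), nothing in this function installs a keylog callback any more, so the compat module now depends on SSL_CTX_keylog() being registered elsewhere and calling quic_tls_compat_keylog_callback() when USE_QUIC_OPENSSL_COMPAT is defined, and that dependency is not visible in this diff. Consider leaving a short comment at the position of the removed line, just before the SSL_CTX_has_client_custom_ext() check, saying that the callback is deliberately not set here and why, so that a later change does not re-add SSL_CTX_set_keylog_callback(ctx, quic_tls_compat_keylog_callback) and again replace the callback that exports the TLS secrets to sample fetches. It would also help to state in the commit message whether SSL_CTX_keylog() is always installed for QUIC bind_confs in a USE_QUIC_OPENSSL_COMPAT build, since the message says the module cannot work unless quic_tls_compat_keylog_callback() is reached.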