From ab22d6b37d9ca2655f5247ca85d33734472e38e8 Mon Sep 17 00:00:00 2001
From: Frederic Lecaille <flecaille@haproxy.com>
Date: Thu, 15 May 2025 10:18:09 +0200
Subject: [PATCH] MINOR: quic: Add useful error traces about
 qc_ssl_sess_init() failures

There were no traces to diagnose qc_ssl_sess_init() failures from QUIC traces.
This patch add calls to TRACE_DEVEL() into qc_ssl_sess_init() and its caller
(qc_alloc_ssl_sock_ctx()). This was useful at least to diagnose SSL context
initialization failures when porting QUIC to the new OpenSSL 3.5 QUIC API.

Should be easily backported as far as 2.6.

(cherry picked from commit 894595b711835dba9a7432fa364ea57806b2bb0c)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 76636502b94941061a887566d268ffa6f01e61ca)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
---
 src/quic_ssl.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/quic_ssl.c b/src/quic_ssl.c
index 563f490..d6b4834 100644
--- a/src/quic_ssl.c
+++ b/src/quic_ssl.c
@@ -749,7 +749,7 @@ static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl)
 	*ssl = SSL_new(ssl_ctx);
 	if (!*ssl) {
 		if (!retry--)
-			goto leave;
+			goto err;
 
 		pool_gc(NULL);
 		goto retry;
@@ -760,7 +760,7 @@ static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl)
 		SSL_free(*ssl);
 		*ssl = NULL;
 		if (!retry--)
-			goto leave;
+			goto err;
 
 		pool_gc(NULL);
 		goto retry;
@@ -770,6 +770,9 @@ static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl)
  leave:
 	TRACE_LEAVE(QUIC_EV_CONN_NEW, qc);
 	return ret;
+ err:
+	TRACE_DEVEL("leaving on error", QUIC_EV_CONN_NEW, qc);
+	goto leave;
 }
 
 #ifdef HAVE_SSL_0RTT_QUIC
@@ -867,6 +870,7 @@ int qc_alloc_ssl_sock_ctx(struct quic_conn *qc)
 	return !ret;
 
  err:
+	TRACE_DEVEL("leaving on error", QUIC_EV_CONN_NEW, qc);
 	pool_free(pool_head_quic_ssl_sock_ctx, ctx);
 	goto leave;
 }
-- 
1.7.10.4