From ce3aa91aa4a20a361c18699e78777b732be5527a Mon Sep 17 00:00:00 2001 From: Olivier Houchard Date: Tue, 9 Sep 2025 15:34:32 +0200 Subject: [PATCH] BUG/MEDIUM: ssl: create the mux immediately on early data If we received early data, and an ALPN has been negociated, then immediately try to create a mux if we did not have one already. Generally, at this point we would not have one, as the mux is decided by the ALPN, however at this point, even if the handshake is not done yet, we have enough to determine the ALPN, so we can immediately create the mux. Doing so makes up able to treat the request immediately, without waiting for the handshake to be done. This should be backported up to 2.8. (cherry picked from commit 6b78af837d7b5b75b7c22a5fa39bf50ed727d904) Signed-off-by: Christopher Faulet (cherry picked from commit 8b633e68e3d5929b7ad6058310e48cef9feb4c76) [cf: trace message was removed] Signed-off-by: Christopher Faulet (cherry picked from commit 45543e72024284c4687ee16bc6df02b05be52475) Signed-off-by: Christopher Faulet --- src/ssl_sock.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 3a5d7ef..d4c78cf 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -5857,8 +5857,21 @@ static int ssl_sock_handshake(struct connection *conn, unsigned int flag) if (ret == SSL_READ_EARLY_DATA_ERROR) goto check_error; if (read_data > 0) { + const char *alpn; + int len; + conn->flags |= CO_FL_EARLY_DATA; b_add(&ctx->early_buf, read_data); + if (ssl_sock_get_alpn(conn, ctx, &alpn, &len) != 0) { + /* + * We have an ALPN set already, so we + * know which mux to use, and we have + * early data, let's create the mux + * now. + */ + if (!conn->mux) + conn_create_mux(conn); + } } if (ret == SSL_READ_EARLY_DATA_FINISH) { conn->flags &= ~CO_FL_EARLY_SSL_HS; -- 1.7.10.4