From 09335f9778fe5d2596fe8d4f35ee5e0987be1f4e Mon Sep 17 00:00:00 2001
From: Frederic Lecaille
Date: Wed, 28 May 2025 15:58:44 +0200
Subject: [PATCH] MINOR: quic-be: Missing callbacks initializations (USE_QUIC_OPENSSL_COMPAT)

quic_tls_compat_init() function is called from OpenSSL QUIC compatibility module (USE_QUIC_OPENSSL_COMPAT) to initialize the keylog callback and the callback which stores the QUIC transport parameters as a TLS extensions into the stack. These callbacks must also be initialized for QUIC backends.
---
 src/quic_openssl_compat.c | 2 +-
 src/quic_ssl.c | 11 ++++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/src/quic_openssl_compat.c b/src/quic_openssl_compat.c
index d914ac4d0..2f36c68d6 100644
--- a/src/quic_openssl_compat.c
+++ b/src/quic_openssl_compat.c
@@ -58,7 +58,7 @@ static int qc_ssl_compat_add_tps_cb(SSL *ssl, unsigned int ext_type, unsigned in
 int quic_tls_compat_init(struct bind_conf *bind_conf, SSL_CTX *ctx)
 {
 /* Ignore non-QUIC connections */
- if (bind_conf->xprt != xprt_get(XPRT_QUIC))
+ if (bind_conf && bind_conf->xprt != xprt_get(XPRT_QUIC))
 return 1;
 /* This callback is already registered if the TLS keylog is activated for
diff --git a/src/quic_ssl.c b/src/quic_ssl.c
index 772a4c6a1..a455e6118 100644
--- a/src/quic_ssl.c
+++ b/src/quic_ssl.c
@@ -773,7 +773,7 @@ int ssl_quic_initial_ctx(struct bind_conf *bind_conf)
 */
 SSL_CTX *ssl_quic_srv_new_ssl_ctx(void)
 {
- SSL_CTX *ctx;
+ SSL_CTX *ctx = NULL;
 /* XXX TODO: check this: XXX */
 long options = (SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) |
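Review bot: In the src/quic_openssl_compat.c hunk, a NULL `bind_conf` now silently means "QUIC backend, always install the callbacks", but the only comment on the test still reads `/* Ignore non-QUIC connections */` and nothing states that NULL is a legal argument. I would reword it to `/* Ignore non-QUIC listeners. A NULL <bind_conf> is passed for QUIC backends, which always need these callbacks. */` and mention the same in the function's header comment. The body of quic_tls_compat_init() continues past the end of the hunk, so any later use of `bind_conf` there should be checked for a dereference that the new NULL case would reach; I cannot confirm that from the visible lines.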
@@ -791,10 +791,19 @@ SSL_CTX *ssl_quic_srv_new_ssl_ctx(void)
 SSL_CTX_set_options(ctx, options);
 SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
 SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION);
+#ifdef USE_QUIC_OPENSSL_COMPAT
+ if (!quic_tls_compat_init(NULL, ctx))
+ goto err;
+#endif
 leave:
 TRACE_LEAVE(QUIC_EV_CONN_NEW);
 return ctx;
+ err:
+ SSL_CTX_free(ctx);
+ ctx = NULL;
+ TRACE_DEVEL("leaving on error", QUIC_EV_CONN_NEW);
+ goto leave;
 }
 /* This function gives the detail of the SSL error. It is used only
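Review bot: The return values of `SSL_CTX_set_min_proto_version()` and `SSL_CTX_set_max_proto_version()` are still discarded on the two context lines just above the new `#ifdef` block, although both return 0 on failure and the commit now provides a cleanup path. These two calls are what pin the backend context to TLS 1.3, so a failure should not hand back a usable context; they can go through the new label with `if (!SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION) || !SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)) goto err;`. The function starts above this hunk, so I cannot see how `ctx` is allocated or whether earlier failure cases could also use `err`.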