From 5e9f940885f405319f82e17b23b1882fe119f9b1 Mon Sep 17 00:00:00 2001
From: Frederic Lecaille
Date: Thu, 12 Jun 2025 17:37:49 +0200
Subject: [PATCH] BUG/MINOR: quic: Fix OSSL_FUNC_SSL_QUIC_TLS_got_transport_params_fn callback (OpenSSL3.5)

This patch is OpenSSL3.5 QUIC API specific. It fixes OSSL_FUNC_SSL_QUIC_TLS_got_transport_params_fn() callback (see man(3) SSL_set_quic_tls_cb).

The role of this callback is to store the transport parameters received by the peer. At this time it is never used by QUIC listeners because there is another callback which is used to store the transport parameters. This latter callback is not specific to OpenSSL 3.5 QUIC API. As far as I know, the TLS stack calls only one time one of the callbacks which have been set to receive and store the transport parameters.

That said, OSSL_FUNC_SSL_QUIC_TLS_got_transport_params_fn() is called for QUIC backends to store the server transport parameters.

qc_ssl_set_quic_transport_params() is useless in this callback. It is dedicated to store the local transport parameters (which are sent to the peer). Furthermore, the second parameter of quic_transport_params_store() must be 0 for a listener (or QUIC server) which calls it, denoting it does not receive the transport parameters of a QUIC server. It must be 1 for a QUIC backend (a QUIC client which receives the transport parameter of a QUIC server).

Must be backported to 3.2.
--- src/quic_ssl.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/quic_ssl.c b/src/quic_ssl.c index 327a24402..9ae5d8159 100644 --- a/src/quic_ssl.c +++ b/src/quic_ssl.c @@ -572,8 +572,7 @@ static int ha_quic_ossl_got_transport_params(SSL *ssl, const unsigned char *para { int ret = 0; struct quic_conn *qc = SSL_get_ex_data(ssl, ssl_qc_app_data_index); - const struct quic_version *ver = - qc->negotiated_version ? qc->negotiated_version : qc->original_version; + struct listener *l = objt_listener(qc->target); TRACE_ENTER(QUIC_EV_TRANSP_PARAMS, qc); 
@@ -582,10 +581,8 @@ static int ha_quic_ossl_got_transport_params(SSL *ssl, const unsigned char *para QUIC_EV_TRANSP_PARAMS, qc); ret = 1; } - else { - if (!quic_transport_params_store(qc, 0, params, params + params_len) || - !qc_ssl_set_quic_transport_params(ssl, qc, ver, 1)) - goto err; + else if (!quic_transport_params_store(qc, !l, params, params + params_len)) { + goto err; } ret = 1;
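Review bot: in the first hunk (the declarations of ha_quic_ossl_got_transport_params()), `l` is only ever tested for NULL through the later `!l`, so a one-letter pointer hides what it actually stands for. Consider declaring it const (`const struct listener *l = objt_listener(qc->target);`) or computing the role once into a named flag with a short comment saying it means "the received parameters come from a QUIC server". The initializer also dereferences `qc->target` directly on the value returned by SSL_get_ex_data(), as the removed `ver` initializer did with `qc->negotiated_version`; if a NULL `qc` cannot happen in this callback, a one-line comment saying so would help the next reader.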
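Review bot: at the `quic_transport_params_store(qc, !l, params, params + params_len)` call in the second hunk, the meaning of the second argument is documented only in the commit message (0 for a listener, 1 for a backend receiving a server's parameters), so a short comment at the call would keep that explanation with the code. `!l` also classifies every target that is not a listener as a backend, which is worth stating explicitly next to the test. Style: the braces around the lone `goto err;` can be dropped unless they are kept on purpose to match the preceding branch.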