MINOR: quic-be: ssl_sock contexts allocation and misc adaptations

Implement ssl_sock_new_ssl_ctx() to allocate a SSL server context as this is currently
done for TCP servers and also for QUIC servers depending on the <is_quic> boolean value
passed as new parameter. For QUIC servers, this function calls ssl_quic_srv_new_ssl_ctx()
which is specific to QUIC.

include/haproxy/ssl_ckch.h

@@ -62,7 +62,7 @@ struct ckch_inst *ckch_inst_new();
 int ckch_inst_new_load_store(const char *path, struct ckch_store *ckchs, struct bind_conf *bind_conf,
                              struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount, int is_default, struct ckch_inst **ckchi, char **err);
 int ckch_inst_new_load_srv_store(const char *path, struct ckch_store *ckchs,
-                                 struct ckch_inst **ckchi, char **err);
+                                 struct ckch_inst **ckchi, char **err, int is_quic);
 int ckch_inst_rebuild(struct ckch_store *ckch_store, struct ckch_inst *ckchi,
                       struct ckch_inst **new_inst, char **err);
 

src/ssl_ckch.c

@@ -2601,8 +2601,9 @@ int ckch_inst_rebuild(struct ckch_store *ckch_store, struct ckch_inst *ckchi,
 		fcount = ckchi->crtlist_entry->fcount;
 	}
 
-	if (ckchi->is_server_instance)
-		errcode |= ckch_inst_new_load_srv_store(ckch_store->path, ckch_store, new_inst, err);
+	if (ckchi->is_server_instance) {
+		errcode |= ckch_inst_new_load_srv_store(ckch_store->path, ckch_store, new_inst, err, srv_is_quic(ckchi->server));
+	}
 	else
 		errcode |= ckch_inst_new_load_store(ckch_store->path, ckch_store, ckchi->bind_conf, ckchi->ssl_conf, sni_filter, fcount, ckchi->is_default, new_inst, err);
 

src/ssl_sock.c

@@ -65,6 +65,7 @@
 #include <haproxy/proxy.h>
 #include <haproxy/quic_conn.h>
 #include <haproxy/quic_openssl_compat.h>
+#include <haproxy/quic_ssl.h>
 #include <haproxy/quic_tp.h>
 #include <haproxy/sample.h>
 #include <haproxy/sc_strm.h>
@@ -3039,6 +3040,20 @@ error:
 	return errcode;
 }
 
+#ifdef USE_QUIC
+static inline SSL_CTX *ssl_sock_new_ssl_ctx(int is_quic)
+{
+	if (is_quic)
+		return ssl_quic_srv_new_ssl_ctx();
+	else
+		return SSL_CTX_new(SSLv23_client_method());
+}
+#else
+static inline SSL_CTX *ssl_sock_new_ssl_ctx(int is_quic)
+{
+	return SSL_CTX_new(SSLv23_client_method());
+}
+#endif
 
 /*
  * This function allocate a ckch_inst that will be used on the backend side
@@ -3050,7 +3065,7 @@ error:
  *     ERR_WARN if a warning is available into err
  */
 int ckch_inst_new_load_srv_store(const char *path, struct ckch_store *ckchs,
-				 struct ckch_inst **ckchi, char **err)
+				 struct ckch_inst **ckchi, char **err, int is_quic)
 {
 	SSL_CTX *ctx;
 	struct ckch_data *data;
@@ -3064,7 +3079,7 @@ int ckch_inst_new_load_srv_store(const char *path, struct ckch_store *ckchs,
 
 	data = ckchs->data;
 
-	ctx = SSL_CTX_new(SSLv23_client_method());
+	ctx = ssl_sock_new_ssl_ctx(is_quic);
 	if (!ctx) {
 		memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
 		          err && *err ? *err : "", path);
@@ -3135,7 +3150,8 @@ static int ssl_sock_load_srv_ckchs(const char *path, struct ckch_store *ckchs,
 	int errcode = 0;
 
 	/* we found the ckchs in the tree, we can use it directly */
-	errcode |= ckch_inst_new_load_srv_store(path, ckchs, ckch_inst, err);
+	errcode |= ckch_inst_new_load_srv_store(path, ckchs, ckch_inst, err,
+	                                        srv_is_quic(server));
 
 	if (errcode & ERR_CODE)
 		return errcode;
@@ -4427,7 +4443,7 @@ int ssl_sock_prepare_srv_ctx(struct server *srv)
 	/* The context will be uninitialized if there wasn't any "cert" option
 	 * in the server line. */
 	if (!ctx) {
-		ctx = SSL_CTX_new(SSLv23_client_method());
+		ctx = ssl_sock_new_ssl_ctx(srv_is_quic(srv));
 		if (!ctx) {
 			ha_alert("unable to allocate ssl context.\n");
 			cfgerr++;