From a956d151183e412c049b40d11ea384fb9f2fc9b4 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?=
Date: Wed, 10 Nov 2021 09:24:22 +0100
Subject: [PATCH] MINOR: quic: Support transport parameters draft TLS extension
If we want to run quic-tracker against haproxy, we must at least support the draft version of the TLS extension for the QUIC transport parameters (0xffa5). quic-tracker QUIC version is draft-29 at this time. We select this depending on the QUIC version. If draft, we select the draft TLS extension.
---
include/haproxy/quic_tls-t.h | 5 +++--
include/haproxy/xprt_quic-t.h | 2 ++
src/ssl_sock.c | 4 ++--
src/xprt_quic.c | 3 +++
4 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/include/haproxy/quic_tls-t.h b/include/haproxy/quic_tls-t.h
index 8c11a2d30..e2f5fb16a 100644
--- a/include/haproxy/quic_tls-t.h
+++ b/include/haproxy/quic_tls-t.h
@@ -37,8 +37,9 @@
 #endif
 #endif
-/* The TLS extension (enum) for QUIC transport parameters */
-#define TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS 0x0039
+/* The TLS extensions for QUIC transport parameters */
+#define TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS 0x0039
+#define TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS_DRAFT 0xffa5
 /* QUIC handshake states for both clients and servers. */
 enum quic_handshake_state {
diff --git a/include/haproxy/xprt_quic-t.h b/include/haproxy/xprt_quic-t.h
index df4f5b4eb..be3e8d087 100644
--- a/include/haproxy/xprt_quic-t.h
+++ b/include/haproxy/xprt_quic-t.h
@@ -608,6 +608,8 @@ struct rxbuf {
 #define QUIC_FL_PKTNS_ACK_REQUIRED (1UL << QUIC_FL_PKTNS_ACK_REQUIRED_BIT)
 struct quic_conn {
 uint32_t version;
+ /* QUIC transport parameters TLS extension */
+ int tps_tls_ext;
 int state;
 unsigned char enc_params[QUIC_TP_MAX_ENCLEN]; /* encoded QUIC transport parameters */
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 6dd0ce689..2df48e034 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
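Review bot: The new comment above the two defines in quic_tls-t.h does not say which codepoint goes with which QUIC version, so a reader has to find the selection logic in qc_new_conn to learn that 0xffa5 is only meant for draft-NN versions. I would annotate each define: `#define TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS 0x0039 /* IANA-assigned value (RFC 9001), selected for non-draft versions */` and `#define TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS_DRAFT 0xffa5 /* pre-RFC codepoint from draft-ietf-quic-tls, selected for draft-NN versions (0xff0000NN) */`. Since the ClientHello must carry exactly the extension chosen for the connection's version or the handshake is aborted in ssl_sock_switchctx_cbk, documenting the pairing at the definition site makes that abort path easier to reason about.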
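Review bot: The new `tps_tls_ext` member of struct quic_conn in xprt_quic-t.h is declared `int` although it holds a 16-bit TLS extension type that is handed straight to the SSL extension lookups, and its comment does not say that the value is derived from `version`. I would declare it `uint16_t tps_tls_ext;` and expand the comment to `/* TLS extension type carrying the QUIC transport parameters: the draft (0xffa5) or RFC (0x0039) value, chosen from <version> in qc_new_conn() */`. The struct definition continues past the end of the hunk.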
@@ -2451,10 +2451,10 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
 if (conn->qc) {
 /* Look for the QUIC transport parameters. */
 #ifdef OPENSSL_IS_BORINGSSL
- if (!SSL_early_callback_ctx_extension_get(ctx, TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS,
+ if (!SSL_early_callback_ctx_extension_get(ctx, con->qc->tps_tls_ext,
 &extension_data, &extension_len))
 #else
- if (!SSL_client_hello_get0_ext(ssl, TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS,
+ if (!SSL_client_hello_get0_ext(ssl, conn->qc->tps_tls_ext,
 &extension_data, &extension_len))
 #endif
 goto abort;
diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index a79e05e38..27b67ee64 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -3095,6 +3095,9 @@ static struct quic_conn *qc_new_conn(unsigned int version, int ipv4,
 }
 qc->version = version;
+ qc->tps_tls_ext = qc->version & 0xff000000 ?
+ TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS_DRAFT:
+ TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS;
 /* TX part. */
 LIST_INIT(&qc->tx.frms_to_send);
 qc->tx.nb_buf = QUIC_CONN_TX_BUFS_NB;
-- 
2.47.3
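Review bot: The BoringSSL branch of the new lookup in ssl_sock_switchctx_cbk references `con->qc->tps_tls_ext`, but the variable in scope (used by the `if (conn->qc)` guard and by the OpenSSL branch two lines below) is `conn`, so this line fails to compile whenever OPENSSL_IS_BORINGSSL is defined. It slips through the default OpenSSL build only because the preprocessor discards that branch. The line should read `if (!SSL_early_callback_ctx_extension_get(ctx, conn->qc->tps_tls_ext,`. Because the two branches are never compiled together, a BoringSSL build (or at least a compile of that branch) before merging would have caught this; ssl_sock_switchctx_cbk starts and ends outside the hunk.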
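Review bot: The draft test `qc->version & 0xff000000` in qc_new_conn is true for any version whose top byte is non-zero, not only for the draft-NN versions (0xff0000NN) that the 0xffa5 codepoint is meant for, so a non-draft version number with a non-zero high byte (for instance the QUIC v2 value 0x6b3343cf) would be assigned the draft extension and its handshake would then abort at the extension lookup in ssl_sock_switchctx_cbk. I would match the draft prefix explicitly and parenthesize the mask so the precedence is obvious: `qc->tps_tls_ext = (qc->version & 0xff000000) == 0xff000000 ? TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS_DRAFT : TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS;`. Whether `version` has already been checked against the supported list before it reaches qc_new_conn is not visible here; if it has not, this selection is made on a peer-chosen value and the caller should reject unknown versions first. qc_new_conn starts and ends outside the hunk.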