From: William Lallemand <wlallemand@haproxy.com>
Date: Wed, 19 Nov 2025 10:00:05 +0000 (+0100)
Subject: BUG/MINOR: ssl: remove dead code in ssl_sock_from_buf()
X-Git-Tag: v3.3-dev14~38
X-Git-Url: http://www.kaiwu.me/postgresql/commit/static/gitweb.js?a=commitdiff_plain;h=c8540f7437a4d432f8cb51fa3278a037e713699f;p=haproxy.git

BUG/MINOR: ssl: remove dead code in ssl_sock_from_buf()

When haproxy is compiled in -O0, the SSL_get_max_early_data() symbol is
used in the generated assembly, however -O2 seems to remove this symbol
when optimizing the code.

It happens because `if conn_is_back(conn)` and `if
(objt_listener(conn->target))` are opposed conditions, which mean we
never use the branch when objt_listener(conn->target) is true.

This patch removes the dead code. Bonus: SSL_get_max_early_data() is not
implemented in rustls, and that's the only thing preventing to start
with it.

This can be backported in every stable branches.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index fea5951ee..40d5da29e 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -7245,14 +7245,10 @@ static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const s
 		if ((ctx->flags & SSL_SOCK_F_EARLY_ENABLED) && conn_is_back(conn)) {
 			unsigned int max_early;
 
-			if (objt_listener(conn->target))
-				max_early = SSL_get_max_early_data(ctx->ssl);
-			else {
-				if (SSL_get0_session(ctx->ssl))
-					max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
-				else
-					max_early = 0;
-			}
+			if (SSL_get0_session(ctx->ssl))
+				max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
+			else
+				max_early = 0;
 
 			if (try + ctx->sent_early_data > max_early) {
 				try -= (try + ctx->sent_early_data) - max_early;