MINOR: quic: report error if force-retry without cluster-secret

QUIC Retry generation relies on global cluster-secret to produce tokens
valid even after a process restart and across several LB instances.

Before this patch, Retry is automatically deactivated if no
cluster-secret is provided. This is the case even if a user has
configured a QUIC listener with quic-force-retry. Change this behavior
by now returning an error during configuration parsing. The user must
provide a cluster-secret if quic-force-retry is used.

This should be backported up to 2.6.
Amaury Denoyelle
2022-11-14 16:17:13 +01:00
parent 936c135e05
commit 996ca7d0fa
2 changed files with 10 additions and 4 deletions

@@ -4317,8 +4317,13 @@ init_proxies_list_stage2:
#ifdef USE_QUIC
/* override the accept callback for QUIC listeners. */
if (listener->flags & LI_F_QUIC_LISTENER) {
if (!global.cluster_secret)
if (!global.cluster_secret) {
diag_no_cluster_secret = 1;
if (listener->bind_conf->options & BC_O_QUIC_FORCE_RETRY) {
ha_alert("QUIC listener with quic-force-retry requires global cluster-secret to be set.\n");
cfgerr++;
}
}
li_init_per_thr(listener);
}
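
Review bot: the ha_alert() text in the BC_O_QUIC_FORCE_RETRY branch does not identify which bind line triggered it, so a configuration with several QUIC listeners using quic-force-retry prints the same message once per listener and increments cfgerr each time, with nothing to tell the occurrences apart. Consider adding the location of the offending bind line to the message (for instance the file and line recorded for listener->bind_conf, assuming they are available there). Separately, diag_no_cluster_secret is set to 1 before the force-retry check, so it is also set on the error path; if that flag later produces its own diagnostic, the user gets two reports for one misconfiguration, and setting it only in the non-error case would avoid that.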