MINOR: ssl_sock: Early data disabled during SSL_CTX switching (aws-lc)

This patch impacts only haproxy when built against aws-lc TLS stack (OPENSSL_IS_AWSLC).

During the SSL_CTX switching from ssl_sock_switchctx_cbk() callback,
ssl_sock_switchctx_set() is called. This latter calls SSL_set_SSL_CTX()
whose aims is to change the SSL_CTX attached o an SSL object (TLS session).
But the aws-lc (or boringssl) implementation of this function copy
the "early data enabled" setting value (boolean) coming with the SSL_CTX object
into the SSL object. So, if not set in the SSL_CTX object this setting disabled
the one which has been set by configuration into the SSL object
(see qc_set_quic_early_data_enabled(), it calls SSL_set_early_data_enabled()
with an SSL object as parameter).

Fix this enabling the "early data enabled" setting into the SSL_CTX before
setting this latter into the SSL object.

This patch is required to make QUIC 0-RTT work with haproxy built against
aws-lc.

Note that, this patch should also help in early data support for TCP connections.

src/ssl_sock.c

@@ -2448,6 +2448,14 @@ sni_lookup:
 		return SSL_TLSEXT_ERR_ALERT_FATAL;
 	}
 
+#if defined(OPENSSL_IS_AWSLC)
+	/* Note that ssl_sock_switchctx_set() calls SSL_set_SSL_CTX() which propagates the
+	 * "early data enabled" setting from the SSL_CTX object to the SSL objects.
+	 * So enable early data for this SSL_CTX context if configured.
+	 */
+	if (s->ssl_conf.early_data)
+		SSL_CTX_set_early_data_enabled(container_of(node, struct sni_ctx, name)->ctx, 1);
+#endif
 	/* switch ctx */
 	ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
 	HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);