QUIC SSL: Block SSL_clear
authorHugo Landau <hlandau@openssl.org>
Mon, 16 Jan 2023 15:36:42 +0000 (15:36 +0000)
committerPauli <pauli@openssl.org>
Tue, 4 Jul 2023 23:02:27 +0000 (09:02 +1000)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

doc/man3/SSL_clear.pod
ssl/quic/quic_impl.c
test/quicapitest.c

index f5fc6e68ed2ba8b647053dbc9438dcbf212195f0..c4d2fa34c8b01cd0cf595bfef8a1d34632e157ff 100644 (file)
@@ -34,6 +34,8 @@ server method, even if TLS_*_methods were chosen on startup. This
 will might lead to connection failures (see L<SSL_new(3)>)
 for a description of the method's properties.
 
+This function is not supported on QUIC SSL objects.
+
 =head1 WARNINGS
 
 SSL_clear() resets the SSL object to allow for another connection. The
index 07f759522ab706f4e7fd121037d682d903a79bf8..1a09d82c5c76b493e4c4c0bf7bd85018b84a3ab1 100644 (file)
@@ -493,7 +493,7 @@ void ossl_quic_deinit(SSL *s)
     /* No-op. */
 }
 
-/* SSL_reset */
+/* SSL_clear (ssl_reset method) */
 int ossl_quic_reset(SSL *s)
 {
     QCTX ctx;
@@ -501,11 +501,11 @@ int ossl_quic_reset(SSL *s)
     if (!expect_quic(s, &ctx))
         return 0;
 
-    /* TODO(QUIC); Currently a no-op. */
-    return 1;
+    /* Not supported. */
+    return 0;
 }
 
-/* SSL_clear */
+/* ssl_clear method (unused) */
 int ossl_quic_clear(SSL *s)
 {
     QCTX ctx;
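Review bot: The new failure path in ossl_quic_reset returns 0 without queuing an error, so a caller whose SSL_clear() fails on a QUIC object finds nothing on the error stack explaining why. Since the operation is refused on purpose, I would record an explicit reason before the return, for example `ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);` followed by `return 0;`. This matters most for applications that pool and reuse SSL objects through SSL_clear(), where a bare 0 is easy to overlook or misattribute. Whether expect_quic() raises anything on its own failure path is not visible here. ossl_quic_reset begins in the previous hunk, and the body of ossl_quic_clear continues past the end of this one.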
index 55f4bf006b2b438ef77791b5d20ff3a61706755c..78f13cf69467da1bb79acaea60cdc2e964fe2b8d 100644 (file)
@@ -518,6 +518,10 @@ static int test_quic_forbidden_options(void)
     if (!TEST_ptr_null(SSL_dup(ssl)))
         goto err;
 
+    /* No clear */
+    if (!TEST_false(SSL_clear(ssl)))
+        goto err;
+
     testresult = 1;
 err:
     SSL_free(ssl);
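Review bot: The comment `/* No clear */` above the added check does not say why failure is the expected outcome. Wording such as `/* SSL_clear() is not supported on QUIC SSL objects and must fail */` would let a reader follow the test without consulting the man page. The assertion pins only the return value, so it would not notice if the refused call changed the object's state. test_quic_forbidden_options starts outside this hunk, so the earlier setup of `ssl` is not visible here.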