Add SSL_CTX_is_quic API

Like SSL_is_quic, it would be helpful to know if SSL_CTX objects create
QUIC SSL's or not.

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28992)

diff --git a/doc/man3/SSL_get_version.pod b/doc/man3/SSL_get_version.pod
index b8a0f5e3b15de0250beab3787f534351ec3a92ca..2412cbd1c286a217e3e1b293d0bf9d906b1a994a 100644 (file)
--- a/doc/man3/SSL_get_version.pod
+++ b/doc/man3/SSL_get_version.pod
@@ -3,7 +3,7 @@
 =head1 NAME
 
 SSL_client_version, SSL_get_version, SSL_is_dtls, SSL_is_tls, SSL_is_quic,
-SSL_version - get the protocol information of a connection
+SSL_CTX_is_quic, SSL_version - get the protocol information of a connection
 
 =head1 SYNOPSIS
 
@@ -16,6 +16,7 @@ SSL_version - get the protocol information of a connection
  int SSL_is_dtls(const SSL *ssl);
  int SSL_is_tls(const SSL *ssl);
  int SSL_is_quic(const SSL *ssl);
+ int SSL_CTX_is_quic(const SSL_CTX *ctx);
 
  int SSL_version(const SSL *s);
 
@@ -38,6 +39,8 @@ SSL_is_tls() returns 1 if the connection is using SSL/TLS or 0 if not.
 
 SSL_is_quic() returns 1 if the connection is using QUIC or 0 if not.
 
+SSL_CTX_is_quic() returns 1 if the ctx creates QUIC SSL objects or 0 if not.
+
 =head1 RETURN VALUES
 
 
@@ -140,6 +143,8 @@ L<ssl(7)>
 The SSL_is_dtls() function was added in OpenSSL 1.1.0. The SSL_is_tls() and
 SSL_is_quic() functions were added in OpenSSL 3.2.
 
+The SSL_CTX_is_quic() function was added in OpenSSL 4.0
+
 =head1 COPYRIGHT
 
 Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.

diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index cb30dda92d2c8e196cfd33734d4c278919539583..87bf1cc48b2d9a91966c2c6b1042fea692a953e7 100644 (file)
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -1828,6 +1828,8 @@ int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
 int SSL_is_tls(const SSL *s);
 int SSL_is_quic(const SSL *s);
+int SSL_CTX_is_quic(const SSL_CTX *c);
+
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 951723748ffd358277266ec99940beb8739ff7be..54a22a1e5e461397049514d8603ce456d7b2c126 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1023,6 +1023,11 @@ int SSL_is_quic(const SSL *s)
     return IS_QUIC(s);
 }
 
+int SSL_CTX_is_quic(const SSL_CTX *c)
+{
+    return IS_QUIC_CTX(c);
+}
+
 int SSL_up_ref(SSL *s)
 {
     int i;

diff --git a/util/libssl.num b/util/libssl.num
index f64c8ac069316324dec82e62144c2308fe0978d2..54e03438a12a281b61039c62886e4d42a667bfec 100644 (file)
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -606,3 +606,4 @@ SSL_CTX_get0_server_cert_type           ?   4_0_0   EXIST::FUNCTION:
 SSL_set_quic_tls_cbs                    ?      4_0_0   EXIST::FUNCTION:
 SSL_set_quic_tls_transport_params       ?      4_0_0   EXIST::FUNCTION:
 SSL_set_quic_tls_early_data_enabled     ?      4_0_0   EXIST::FUNCTION:
+SSL_CTX_is_quic                         ?      4_0_0   EXIST::FUNCTION: