Update port_make_channel to behave for accept_ex/accept_connection
authorNeil Horman <nhorman@openssl.org>
Fri, 11 Apr 2025 19:09:54 +0000 (15:09 -0400)
committerNeil Horman <nhorman@openssl.org>
Fri, 5 Dec 2025 15:13:14 +0000 (10:13 -0500)
Based on the value of the using_peeloff flag, we need to choose if we're
going to create a user_ssl when creating a new channel

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27397)

ssl/quic/quic_impl.c
ssl/quic/quic_port.c

index c141fa705274c5d9c9ec7db389c18145010ed6cb..122264b09c80d9fdbfde01687ae520933483118d 100644 (file)
@@ -4698,13 +4698,13 @@ SSL *ossl_quic_accept_connection(SSL *ssl, uint64_t flags)
     if (!ql_listen(ctx.ql))
         goto out;
 
-    if (ossl_quic_get_using_peeloff(ctx.ql->port) == 1) {
+    if (ossl_quic_port_get_using_peeloff(ctx.ql->port) == 1) {
         QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
                                     "This listener is using SSL_accept_ex");
         goto out; 
     }
     
-    ossl_quic_set_using_peeloff(ctx.ql->port, -1);
+    ossl_quic_port_set_using_peeloff(ctx.ql->port, -1);
 
     /* Wait for an incoming connection if needed. */
     new_ch = ossl_quic_port_pop_incoming(ctx.ql->port);
index 8264699f872bba370b89e636ac8111f006833970..8043fde4ff19d77ad60fe924a09e197ab5ca0f7a 100644 (file)
@@ -533,28 +533,34 @@ static QUIC_CHANNEL *port_make_channel(QUIC_PORT *port, SSL *tls, OSSL_QRX *qrx,
     if (ch == NULL)
         return NULL;
 
-    /*
-     * Fixup the channel tls connection here before we init the channel
-     */
-    ch->tls = (tls != NULL) ? tls : port_new_handshake_layer(port, ch);
-
-    if (ch->tls == NULL) {
-        OPENSSL_free(ch);
-        return NULL;
-    }
-
+    if (tls != NULL) {
+        ch->tls = tls;
+    } else {
+        if (ossl_quic_port_get_using_peeloff(port) <= 0) {
+            ossl_quic_port_set_using_peeloff(port, -1);
+            /*
+             * We're using the normal SSL_accept_connection_path
+             */
+            ch->tls = port_new_handshake_layer(port, ch);
 #ifndef OPENSSL_NO_QLOG
-    /*
-     * If we're using qlog, make sure the tls get further configured properly
-     */
-    ch->use_qlog = 1;
-    if (ch->tls->ctx->qlog_title != NULL) {
-        if ((ch->qlog_title = OPENSSL_strdup(ch->tls->ctx->qlog_title)) == NULL) {
-            OPENSSL_free(ch);
-            return NULL;
+            /*
+             * If we're using qlog, make sure the tls get further configured properly
+             */
+            ch->use_qlog = 1;
+            if (ch->tls->ctx->qlog_title != NULL) {
+                if ((ch->qlog_title = OPENSSL_strdup(ch->tls->ctx->qlog_title)) == NULL) {
+                    OPENSSL_free(ch);
+                    return NULL;
+                }
+            }
+#endif
+        } else {
+            /*
+             * We're deferring user ssl creation until SSL_accept_ex is called
+             */
+            ch->tls = NULL;
         }
     }
-#endif
 
     /*
      * And finally init the channel struct
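Review bot: The new side drops the NULL check that followed `port_new_handshake_layer()`, so when `OPENSSL_NO_QLOG` is not defined the next statement, `ch->tls->ctx->qlog_title`, dereferences a NULL pointer if handshake-layer creation fails (for example on allocation failure); on a listener that turns memory pressure into a crash. Restore the guard directly after the assignment in the accept_connection branch: `if (ch->tls == NULL) { OPENSSL_free(ch); return NULL; }`. The qlog setup has also moved inside the `tls == NULL` branch, so a caller-supplied `tls` no longer gets `use_qlog` or `qlog_title` set; if that is intended, a short comment saying so would help the next reader. port_make_channel starts before and continues after this hunk, so whether the later channel init tolerates `ch->tls == NULL` in the deferred SSL_accept_ex branch cannot be confirmed from the lines shown.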