From: Hugo Landau <hlandau@openssl.org>
Date: Mon, 16 Jan 2023 15:36:07 +0000 (+0000)
Subject: QUIC SSL: Block SSL_dup
X-Git-Tag: openssl-3.2.0-alpha1~515
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=764817c4aa1b7f9aa188cab0d3b2033e08025c73;p=thirdparty%2Fopenssl.git

QUIC SSL: Block SSL_dup

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
---

diff --git a/doc/man3/SSL_new.pod b/doc/man3/SSL_new.pod
index 59d275523f9..09171278316 100644
--- a/doc/man3/SSL_new.pod
+++ b/doc/man3/SSL_new.pod
@@ -96,6 +96,8 @@ SSL_set0_client_CA_list() or similar functions
 
 =back
 
+SSL_dup() is not supported on QUIC SSL objects.
+
 =head1 RETURN VALUES
 
 The following return values can occur:
diff --git a/test/quicapitest.c b/test/quicapitest.c
index 824f1f4e1ae..55f4bf006b2 100644
--- a/test/quicapitest.c
+++ b/test/quicapitest.c
@@ -514,6 +514,10 @@ static int test_quic_forbidden_options(void)
     if (!TEST_false(SSL_get_quiet_shutdown(ssl)))
         goto err;
 
+    /* No duplication */
+    if (!TEST_ptr_null(SSL_dup(ssl)))
+        goto err;
+
     testresult = 1;
 err:
     SSL_free(ssl);