From: Neil Horman <nhorman@openssl.org>
Date: Sat, 25 Oct 2025 11:12:50 +0000 (-0400)
Subject: Add SSL_CTX_is_quic API
X-Git-Tag: 4.0-PRE-CLANG-FORMAT-WEBKIT~152
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=771814bee7bde0e03d8b83abba38c1dad0f42e0f;p=thirdparty%2Fopenssl.git

Add SSL_CTX_is_quic API

Like SSL_is_quic, it would be helpful to know if SSL_CTX objects create
QUIC SSL's or not.

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28992)
---

diff --git a/doc/man3/SSL_get_version.pod b/doc/man3/SSL_get_version.pod
index b8a0f5e3b15..2412cbd1c28 100644
--- a/doc/man3/SSL_get_version.pod
+++ b/doc/man3/SSL_get_version.pod
@@ -3,7 +3,7 @@
 =head1 NAME
 
 SSL_client_version, SSL_get_version, SSL_is_dtls, SSL_is_tls, SSL_is_quic,
-SSL_version - get the protocol information of a connection
+SSL_CTX_is_quic, SSL_version - get the protocol information of a connection
 
 =head1 SYNOPSIS
 
@@ -16,6 +16,7 @@ SSL_version - get the protocol information of a connection
  int SSL_is_dtls(const SSL *ssl);
  int SSL_is_tls(const SSL *ssl);
  int SSL_is_quic(const SSL *ssl);
+ int SSL_CTX_is_quic(const SSL_CTX *ctx);
 
  int SSL_version(const SSL *s);
 
@@ -38,6 +39,8 @@ SSL_is_tls() returns 1 if the connection is using SSL/TLS or 0 if not.
 
 SSL_is_quic() returns 1 if the connection is using QUIC or 0 if not.
 
+SSL_CTX_is_quic() returns 1 if the ctx creates QUIC SSL objects or 0 if not.
+
 =head1 RETURN VALUES
 
 
@@ -140,6 +143,8 @@ L<ssl(7)>
 The SSL_is_dtls() function was added in OpenSSL 1.1.0. The SSL_is_tls() and
 SSL_is_quic() functions were added in OpenSSL 3.2.
 
+The SSL_CTX_is_quic() function was added in OpenSSL 4.0
+
 =head1 COPYRIGHT
 
 Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index cb30dda92d2..87bf1cc48b2 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -1828,6 +1828,8 @@ int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
 int SSL_is_tls(const SSL *s);
 int SSL_is_quic(const SSL *s);
+int SSL_CTX_is_quic(const SSL_CTX *c);
+
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                       unsigned int sid_ctx_len);
 
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 951723748ff..54a22a1e5e4 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1023,6 +1023,11 @@ int SSL_is_quic(const SSL *s)
     return IS_QUIC(s);
 }
 
+int SSL_CTX_is_quic(const SSL_CTX *c)
+{
+    return IS_QUIC_CTX(c);
+}
+
 int SSL_up_ref(SSL *s)
 {
     int i;
diff --git a/util/libssl.num b/util/libssl.num
index f64c8ac0693..54e03438a12 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -606,3 +606,4 @@ SSL_CTX_get0_server_cert_type           ?	4_0_0	EXIST::FUNCTION:
 SSL_set_quic_tls_cbs                    ?	4_0_0	EXIST::FUNCTION:
 SSL_set_quic_tls_transport_params       ?	4_0_0	EXIST::FUNCTION:
 SSL_set_quic_tls_early_data_enabled     ?	4_0_0	EXIST::FUNCTION:
+SSL_CTX_is_quic                         ?	4_0_0	EXIST::FUNCTION: