From: Hugo Landau
Date: Mon, 16 Jan 2023 15:28:40 +0000 (+0000)
Subject: QUIC SSL: HelloRetryRequest
X-Git-Tag: openssl-3.2.0-alpha1~521
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a1c56bbe79bcafb25880ce1deb7b75e2c6f5e0ce;p=thirdparty%2Fopenssl.git
QUIC SSL: HelloRetryRequest
Reviewed-by: Tomas Mraz
Reviewed-by: Matt Caswell
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/20061)
---
diff --git a/doc/man3/DTLSv1_listen.pod b/doc/man3/DTLSv1_listen.pod
index b16a82de9a8..ecf11b8915b 100644
--- a/doc/man3/DTLSv1_listen.pod
+++ b/doc/man3/DTLSv1_listen.pod
@@ -103,6 +103,8 @@ TLSv1.3 is used.
 Both SSL_stateless() and DTLSv1_listen() will clear the error queue when they start.
+SSL_stateless() cannot be used with QUIC SSL objects.
+
 =head1 RETURN VALUES
 For SSL_stateless() a return value of 1 indicates success and the B object
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 036cc83ca06..97a95ce4b99 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -6972,8 +6972,7 @@ int SSL_stateless(SSL *s)
 int ret;
 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
- /* TODO(QUIC): This will need further work. */
- if (sc == NULL)
+ if (sc == NULL || IS_QUIC_SSL(s))
 return 0;
 /* Ensure there is no state left over from a previous invocation */
diff --git a/test/quicapitest.c b/test/quicapitest.c
index d85dbcff604..1205e968da6 100644
--- a/test/quicapitest.c
+++ b/test/quicapitest.c
@@ -490,10 +490,14 @@ static int test_quic_forbidden_options(void)
 goto err;
 /* Buffer Management */
- if (!TEST_true(SSL_allocate_buffers(ssl))
+ if (!TEST_true(SSL_alloc_buffers(ssl))
 || !TEST_false(SSL_free_buffers(ssl)))
 goto err;
+ /* HRR */
+ if (!TEST_false(SSL_stateless(ssl)))
+ goto err;
+
 testresult = 1;
 err:
 SSL_free(ssl);
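Review bot: In SSL_stateless() the new `IS_QUIC_SSL(s)` branch returns 0 with no comment and no error raised, so a caller cannot tell "not supported on this object" from the function's ordinary non-fatal 0. If the RETURN VALUES section (only partly visible in the doc hunk) reserves 0 for "a HelloRetryRequest was sent", which is how I recall it, a server loop written to that contract would keep waiting on a QUIC object instead of failing. Consider returning -1 for the QUIC case, or at least recording the contract where the removed TODO was, e.g. `/* Stateless HRR is not supported for QUIC; 0 here means refused, not "HRR sent" */`. The function body continues outside the hunk, so whether anything later depends on this early return cannot be checked from here.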
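Review bot: The `/* HRR */` comment added in test_quic_forbidden_options() does not say what is being asserted; something like `/* HRR: SSL_stateless() must be refused on a QUIC object */` would state the intent for the next reader. `TEST_false` accepts only 0, so this check pins the exact refusal value rather than "any failure"; if a negative return should also count as refusal, `TEST_int_le(SSL_stateless(ssl), 0)` expresses that. The function starts outside the hunk.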