From: Alexandr Nedvedicky
Date: Wed, 5 Nov 2025 07:24:59 +0000 (+0100)
Subject: Clarify processing of CRYPTO frame in SSL_set_quic_tls_cbs(3ossl)
X-Git-Tag: 4.0-PRE-CLANG-FORMAT-WEBKIT~211
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ca24748b80987ee49073bb07a4dda73f6eb12c8c;p=thirdparty%2Fopenssl.git

Clarify processing of CRYPTO frame in SSL_set_quic_tls_cbs(3ossl)

We should remind 3rd-party QUIC stack implementors their QUIC stack must ensure to provide all CRYPTO frames to OpenSSL/TLS for processing. The CRYPTO frames keep coming even after confirmation of TLS handshake.

Fixes #28963

Reviewed-by: Matt Caswell
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/29070)
---
diff --git a/doc/man3/SSL_set_quic_tls_cbs.pod b/doc/man3/SSL_set_quic_tls_cbs.pod index 75d217bdeaa..65dab1d974b 100644 --- a/doc/man3/SSL_set_quic_tls_cbs.pod +++ b/doc/man3/SSL_set_quic_tls_cbs.pod @@ -70,6 +70,11 @@ given SSL object I, a set of callbacks are supplied in an B table via I. The I parameter will be passed as an argument when the various callbacks are called. +The above callbacks are invoked, as needed, by SSL_do_handshake() and SSL_read() (including +SSL_read_ex, SSL_peek, SSL_peek_ex). Once the SSL handshake is complete, the QUIC +stack must arrange to call one of the SSL_read() variants whenever a post-handshake CRYPTO +frame is received. The number of bytes requested may be zero. + An B table should consist of an array of B entries where each entry is a function id, and a function pointer. The array should be terminated with an empty entry (i.e. a 0 function id, and a NULL function
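
Review bot: The closing sentence of the added paragraph, "The number of bytes requested may be zero.", leaves the implementor to infer the key point: that a zero-length SSL_read() call is enough to make TLS consume the pending post-handshake CRYPTO data. It also says nothing about what that call returns or how a failure while processing the frame is reported, so a QUIC stack author cannot tell a successful "nothing to read" from an error. Suggest spelling both out. The paragraph also states the obligation ("must arrange to call") without naming the consequence of skipping it, which is the motivation given in the commit message. One sentence on what is lost when post-handshake CRYPTO frames never reach TLS would make the requirement harder to overlook. Style: the parenthetical list writes "SSL_read_ex, SSL_peek, SSL_peek_ex" without the trailing () used for SSL_do_handshake() and SSL_read() in the same sentence. Use the function form consistently so the names are rendered and cross-referenced like the others.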