From: Matt Caswell Date: Fri, 28 Jul 2023 15:04:14 +0000 (+0100) Subject: Ensure the QUIC TLS SSL object is marked as shutdown X-Git-Tag: openssl-3.2.0-alpha1~326 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f219abef51fd47fa5945d23bbdc379778e512dc5;p=thirdparty%2Fopenssl.git Ensure the QUIC TLS SSL object is marked as shutdown If we shutdown the QUIC connection then we should mark the underlying TLS SSL object as shutdown as well. Otherwise any sessions are considered unusable for resumption. Reviewed-by: Tomas Mraz Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/21591) --- diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c index 1e983e3fc08..89475f38891 100644 --- a/ssl/quic/quic_impl.c +++ b/ssl/quic/quic_impl.c @@ -1203,6 +1203,8 @@ int ossl_quic_conn_shutdown(SSL *s, uint64_t flags, ossl_quic_channel_local_close(ctx.qc->ch, args != NULL ? args->quic_error_code : 0); + SSL_set_shutdown(ctx.qc->tls, SSL_SENT_SHUTDOWN); + if (ossl_quic_channel_is_terminated(ctx.qc->ch)) { quic_unlock(ctx.qc); return 1;
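Review bot: the added `SSL_set_shutdown(ctx.qc->tls, SSL_SENT_SHUTDOWN);` after `ossl_quic_channel_local_close()` carries no comment saying why the inner TLS object's shutdown state matters at this point. The reason (sessions from an SSL object not marked as shutdown are considered unusable for resumption) exists only in the commit message, so a short comment above the call would keep a later cleanup from dropping it as redundant with the QUIC-level close. Two further points on the same line: SSL_set_shutdown() replaces the shutdown flags rather than OR-ing into them, so if `ctx.qc->tls` can ever hold SSL_RECEIVED_SHUTDOWN here it would be cleared, and `SSL_set_shutdown(ctx.qc->tls, SSL_get_shutdown(ctx.qc->tls) | SSL_SENT_SHUTDOWN)` would preserve it. The call also sits before the `ossl_quic_channel_is_terminated()` check, so the flag is set even while the channel is still closing. Please confirm that is intended, and consider a test that a session obtained after `ossl_quic_conn_shutdown()` is accepted for resumption, since the hunk shows no test covering the behaviour it fixes.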