From: Hugo Landau Date: Mon, 16 Jan 2023 15:35:05 +0000 (+0000) Subject: QUIC SSL: SSL_set_quiet_shutdown X-Git-Tag: openssl-3.2.0-alpha1~516 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f66f0d3ce1667c04d08f158565320237a59593f6;p=thirdparty%2Fopenssl.git QUIC SSL: SSL_set_quiet_shutdown Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/20061)
---
diff --git a/doc/man3/SSL_CTX_set_quiet_shutdown.pod b/doc/man3/SSL_CTX_set_quiet_shutdown.pod
index a99c4c6b9c8..fc8c2725f70 100644
--- a/doc/man3/SSL_CTX_set_quiet_shutdown.pod
+++ b/doc/man3/SSL_CTX_set_quiet_shutdown.pod
@@ -30,6 +30,8 @@ B may be 0 or 1.
 SSL_get_quiet_shutdown() returns the "quiet shutdown" setting of B.
+These functions are not supported for QUIC SSL objects.
+
 =head1 NOTES
 Normally when a SSL connection is finished, the parties must send out
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 057c8e895a2..9c5b29e3317 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -822,7 +822,7 @@ SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, const SSL_METHOD *method)
 if (s->param == NULL)
 goto asn1err;
 X509_VERIFY_PARAM_inherit(s->param, ctx->param);
- s->quiet_shutdown = ctx->quiet_shutdown;
+ s->quiet_shutdown = IS_QUIC_CTX(ctx) ? 0 : ctx->quiet_shutdown;
 if (!IS_QUIC_CTX(ctx))
 s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode;
@@ -5123,7 +5123,7 @@ void SSL_set_quiet_shutdown(SSL *s, int mode)
 {
 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
- /* TODO(QUIC): Do we want this for QUIC? */
+ /* TODO(QUIC): Currently not supported for QUIC. */
 if (sc == NULL)
 return;
@@ -5134,7 +5134,7 @@ int SSL_get_quiet_shutdown(const SSL *s)
 {
 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
- /* TODO(QUIC): Do we want this for QUIC? */
+ /* TODO(QUIC): Currently not supported for QUIC. */
 if (sc == NULL)
 return 0;
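Review bot: The forced zero in `ossl_ssl_connection_new_int` (`s->quiet_shutdown = IS_QUIC_CTX(ctx) ? 0 : ctx->quiet_shutdown;`) silently discards a value the application set on the context, and nothing at the assignment says why. A short comment above it would help, for example `/* Quiet shutdown is not supported for QUIC; ignore the SSL_CTX setting. */`. The context-level setter is not touched by this diff, so `SSL_CTX_get_quiet_shutdown()` presumably still reports 1 on a QUIC context while every connection created from it reports 0; worth confirming that is intended, or documenting it in the man page. The function body starts and ends outside the hunk.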
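Review bot: The reworded comment in `SSL_set_quiet_shutdown` keeps the `TODO(QUIC)` tag but now states a fact rather than an open task, so a reader cannot tell whether any work remains; the identical comment in `SSL_get_quiet_shutdown` in the next hunk has the same problem. If the decision is final, drop the tag and say what the early return does, e.g. `/* Not supported for QUIC: the request is ignored. */` in the setter and `/* Not supported for QUIC: always reports 0. */` in the getter. The setter returns void, so a caller asking for quiet shutdown on a QUIC object gets no indication that it was ignored beyond the man page sentence added in this commit. Both function bodies end outside their hunks.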
diff --git a/test/quicapitest.c b/test/quicapitest.c
index a2bf90f43a7..824f1f4e1ae 100644
--- a/test/quicapitest.c
+++ b/test/quicapitest.c
@@ -438,6 +438,7 @@ static int test_quic_forbidden_options(void)
 SSL_CTX_set_read_ahead(ctx, 1);
 SSL_CTX_set_max_early_data(ctx, 1);
 SSL_CTX_set_recv_max_early_data(ctx, 1);
+ SSL_CTX_set_quiet_shutdown(ctx, 1);
 if (!TEST_ptr(ssl = SSL_new(ctx)))
 goto err;
@@ -509,6 +510,10 @@ static int test_quic_forbidden_options(void)
 if (!TEST_false(SSL_stateless(ssl)))
 goto err;
+ /* Quiet Shutdown */
+ if (!TEST_false(SSL_get_quiet_shutdown(ssl)))
+ goto err;
+
 testresult = 1;
 err:
 SSL_free(ssl);
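Review bot: The new assertion near the end of `test_quic_forbidden_options` only covers the value inherited from the context, set by `SSL_CTX_set_quiet_shutdown(ctx, 1)` in the first hunk. The per-object setter, which this commit also documents as unsupported for QUIC, is never exercised. Calling `SSL_set_quiet_shutdown(ssl, 1);` immediately before `if (!TEST_false(SSL_get_quiet_shutdown(ssl)))` would pin both paths, so a later change that lets the per-object call take effect on a QUIC object would fail the test. The test function starts and ends outside both hunks.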