From 764817c4aa1b7f9aa188cab0d3b2033e08025c73 Mon Sep 17 00:00:00 2001
From: Hugo Landau <hlandau@openssl.org>
Date: Mon, 16 Jan 2023 15:36:07 +0000
Subject: [PATCH] QUIC SSL: Block SSL_dup

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
---
 doc/man3/SSL_new.pod | 2 ++
 test/quicapitest.c   | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/doc/man3/SSL_new.pod b/doc/man3/SSL_new.pod
index 59d275523f9..09171278316 100644
--- a/doc/man3/SSL_new.pod
+++ b/doc/man3/SSL_new.pod
@@ -96,6 +96,8 @@ SSL_set0_client_CA_list() or similar functions
 
 =back
 
+SSL_dup() is not supported on QUIC SSL objects.
+
 =head1 RETURN VALUES
 
 The following return values can occur:
diff --git a/test/quicapitest.c b/test/quicapitest.c
index 824f1f4e1ae..55f4bf006b2 100644
--- a/test/quicapitest.c
+++ b/test/quicapitest.c
@@ -514,6 +514,10 @@ static int test_quic_forbidden_options(void)
     if (!TEST_false(SSL_get_quiet_shutdown(ssl)))
         goto err;
 
+    /* No duplication */
+    if (!TEST_ptr_null(SSL_dup(ssl)))
+        goto err;
+
     testresult = 1;
 err:
     SSL_free(ssl);
-- 
2.47.2