From 9bb5c0578b39e5b086b6a9db5c6eb299a0fe1c5c Mon Sep 17 00:00:00 2001
From: Stefan Eissing <stefan@eissing.org>
Date: Thu, 27 Nov 2025 12:11:39 +0100
Subject: [PATCH] ngtcp2+openssl: fix leak of session

Fix return value indicating to OpenSSL if reference to session is kept
(it is not), so OpenSSL frees it.

Reported-by: Aleksei Bavshin
Fixes #19717
Closes #19718
---
 lib/vquic/curl_ngtcp2.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c
index ad1f2b2b25..61b233e4ff 100644
--- a/lib/vquic/curl_ngtcp2.c
+++ b/lib/vquic/curl_ngtcp2.c
@@ -2277,7 +2277,6 @@ static int quic_ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
 #endif
     Curl_ossl_add_session(cf, data, ctx->peer.scache_key, ssl_sessionid,
                           SSL_version(ssl), "h3", quic_tp, quic_tp_len);
-    return 1;
   }
   return 0;
 }
-- 
2.47.3