quic_impl.c: pass correct SSL to ossl_ssl_connection_new_int in ossl_quic_new_from_li...

In ossl_quic_new_from_listener(), the call to ossl_ssl_connection_new_int()
was passing NULL for the user_ssl parameter.  NULL causes s->user_ssl
to be set to the inner TLS ssl object, so the inner SSL object points
to itself rather than to the outer QUIC connection object.

The fix passes &qc->obj.ssl instead of NULL.  Afterwards,
ossl_quic_obj_init() will initialize &qc->obj.ssl in place.

Resolves: https://github.com/openssl/project/issues/989
Fixes: 0b15147a37c5 "Implement SSL_new_from_listener()"
Reviewed-by: Bob Beck <beck@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.foundation>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Tue May 26 14:12:45 2026
(Merged from https://github.com/openssl/openssl/pull/31257)

diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 3e2303e7fe451759f7a2f0f1778ed90b8ccee226..df2b9fa0e31c9d9da8807ee75f8d51d60a155bc8 100644 (file)
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -4881,7 +4881,7 @@ SSL *ossl_quic_new_from_listener(SSL *ssl, uint64_t flags)
 #endif
 
     /* Create the handshake layer. */
-    qc->tls = ossl_ssl_connection_new_int(ql->obj.ssl.ctx, NULL, TLS_method());
+    qc->tls = ossl_ssl_connection_new_int(ql->obj.ssl.ctx, &qc->obj.ssl, TLS_method());
     if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) {
         QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
         goto err;