QUIC SSL: HelloRetryRequest
authorHugo Landau <hlandau@openssl.org>
Mon, 16 Jan 2023 15:28:40 +0000 (15:28 +0000)
committerPauli <pauli@openssl.org>
Tue, 4 Jul 2023 23:02:26 +0000 (09:02 +1000)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

doc/man3/DTLSv1_listen.pod
ssl/ssl_lib.c
test/quicapitest.c

index b16a82de9a8e9eaa4881699609375fd26fe311a8..ecf11b8915ba796dce3d363779fa1d7f788bb204 100644 (file)
@@ -103,6 +103,8 @@ TLSv1.3 is used.
 Both SSL_stateless() and DTLSv1_listen() will clear the error queue when they
 start.
 
+SSL_stateless() cannot be used with QUIC SSL objects.
+
 =head1 RETURN VALUES
 
 For SSL_stateless() a return value of 1 indicates success and the B<ssl> object
index 036cc83ca0608509414d34652efe7afe94ebcbdf..97a95ce4b99b46245bdc387bb67184608ba025e9 100644 (file)
@@ -6972,8 +6972,7 @@ int SSL_stateless(SSL *s)
     int ret;
     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
 
-    /* TODO(QUIC): This will need further work. */
-    if (sc == NULL)
+    if (sc == NULL || IS_QUIC_SSL(s))
         return 0;
 
     /* Ensure there is no state left over from a previous invocation */
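Review bot: The new QUIC rejection in `if (sc == NULL || IS_QUIC_SSL(s))` returns 0 without putting anything on the error queue, so a caller cannot tell this refusal from any other 0 result. As far as I recall, the RETURN VALUES section of DTLSv1_listen.pod (only its first line is visible here) documents 0 as "a HelloRetryRequest was sent" and -1 as any other error. If that is right, a server loop that calls SSL_stateless() again on 0 would retry forever on a QUIC object, so the unsupported case should return -1 or the man page should say that 0 also covers it; this needs confirming against the full page. Either way I would raise an error before the return, for example `ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);`. The body of SSL_stateless continues outside this hunk, so the later error-queue handling is not visible here.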
index d85dbcff6043c019030c926343f2a77b65357525..1205e968da6d315c322dd7faa3e1aa830bb3de51 100644 (file)
@@ -490,10 +490,14 @@ static int test_quic_forbidden_options(void)
         goto err;
 
     /* Buffer Management */
-    if (!TEST_true(SSL_allocate_buffers(ssl))
+    if (!TEST_true(SSL_alloc_buffers(ssl))
         || !TEST_false(SSL_free_buffers(ssl)))
         goto err;
 
+    /* HRR */
+    if  (!TEST_false(SSL_stateless(ssl)))
+        goto err;
+
     testresult = 1;
 err:
     SSL_free(ssl);
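Review bot: The added `/* HRR */` comment does not say what is being asserted, and `if  (!TEST_false(SSL_stateless(ssl)))` carries a doubled space after `if`. I would write the comment as `/* SSL_stateless() (stateless HelloRetryRequest) must be refused on a QUIC SSL object */` and the condition as `if (!TEST_false(SSL_stateless(ssl)))`. TEST_false passes only on a result of exactly 0, so this test also pins the failure code, not just the refusal. test_quic_forbidden_options starts before and ends after this hunk.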