BIO_set_ssl_renegotiate_bytes(), BIO_set_ssl_renegotiate_timeout(),
BIO_get_num_renegotiates(), and BIO_do_handshake() are implemented as macros.
-BIO_ssl_copy_session_id() is not currently supported on QUIC SSL objects.
+BIO_ssl_copy_session_id() is not currently supported on QUIC SSL objects and
+fails if called on such an object.
=head1 RETURN VALUES
BIO_new_ssl(), BIO_new_ssl_connect() and BIO_new_buffer_ssl_connect() return
a valid B<BIO> structure on success or B<NULL> if an error occurred.
-BIO_ssl_copy_session_id() returns 1 on success or 0 on error.
+BIO_ssl_copy_session_id() returns 1 on success or 0 on error, or if called
+on a QUIC SSL object.
BIO_do_handshake() returns 1 if the connection was established successfully.
A zero or negative value is returned if the connection could not be established.
Both SSL_stateless() and DTLSv1_listen() will clear the error queue when they
start.
-SSL_stateless() cannot be used with QUIC SSL objects.
+SSL_stateless() cannot be used with QUIC SSL objects and returns an error if
+called on such an object.
=head1 RETURN VALUES
void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
unsigned int *len);
+
+
void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx,
int (*cb)(SSL *ssl,
const unsigned char **out,
provided by the callback.
NPN functionality cannot be used with QUIC SSL objects. Use of ALPN is mandatory
-when using QUIC SSL objects.
+when using QUIC SSL objects. SSL_CTX_set_next_protos_advertised_cb() and
+SSL_CTX_set_next_proto_select_cb() have no effect if called on a QUIC SSL
+context.
=head1 NOTES
SSL_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ssl>.
-These functions are not supported for QUIC SSL objects.
+These functions are not supported for QUIC SSL objects. SSL_set_quiet_shutdown()
+has no effect if called on a QUIC SSL object.
=head1 NOTES
ahead has been set or not.
SSL_CTX_get_default_read_ahead() is identical to SSL_CTX_get_read_ahead().
-These functions cannot be used with QUIC SSL objects.
+These functions cannot be used with QUIC SSL objects. SSL_set_read_ahead()
+has no effect if called on a QUIC SSL object.
=head1 NOTES
or SSL_set_record_padding_callback_arg().
These functions cannot be used with QUIC SSL objects.
+SSL_set_record_padding_callback() and SSL_set_block_padding() fail if called on
+a QUIC SSL object.
=head1 RETURN VALUES
negotiated in B<session>.
These functions cannot be used with QUIC SSL objects.
+SSL_set_max_send_fragment(), SSL_set_max_pipelines(),
+SSL_set_split_send_fragment(), SSL_set_default_read_buffer_len() and
+SSL_set_tlsext_max_fragment_length() fail if called on a QUIC SSL object.
=head1 RETURN VALUES
deprecated.
SSL_set_ssl_method() cannot be used to change a non-QUIC SSL object to a QUIC
-SSL object or vice versa.
+SSL object or vice versa, or change a QUIC SSL object from one QUIC method to
+another.
=head1 RETURN VALUES
client write master salt and the server write master salt in that order.
These functions cannot be used with QUIC SSL objects.
+SSL_CTX_set_tlsext_use_srtp() fails if called on a QUIC SSL context.
+SSL_set_tlsext_use_srtp() fails if called on a QUIC SSL object.
=head1 RETURN VALUES
message is sent to the client.
Post-handshake authentication cannot be used with QUIC.
+SSL_set_post_handshake_auth() has no effect if called on a QUIC SSL object.
=head1 BUGS
will might lead to connection failures (see L<SSL_new(3)>)
for a description of the method's properties.
-This function is not supported on QUIC SSL objects.
+This function is not supported on QUIC SSL objects and returns failure if called
+on such an object.
=head1 WARNINGS
=back
-SSL_dup() is not supported on QUIC SSL objects.
+SSL_dup() is not supported on QUIC SSL objects and returns NULL if called on
+such an object.
=head1 RETURN VALUES
L</REPLAY PROTECTION> below.
These functions cannot currently be used with QUIC SSL objects.
+SSL_set_max_early_data(), SSL_set_recv_max_early_data(), SSL_write_early_data(),
+SSL_read_early_data(), SSL_get_early_data_status() and
+SSL_set_allow_early_data_cb() fail if called on a QUIC SSL object.
=head1 NOTES
=back
-When used with QUIC SSL objects, these functions always return "unknown".
+When used with QUIC SSL objects, these functions always return "RH"/"read
+header" in normal conditions.
=head1 SEE ALSO
inherit the behaviour of B<fd>. If B<fd> is nonblocking, the B<ssl> will
also have nonblocking behaviour.
-When used on a QUIC SSL object, a B<datagram BIO> is automatically created
-instead of a B<socket BIO>.
+When used on a QUIC connection SSL object, a B<datagram BIO> is automatically
+created instead of a B<socket BIO>. These functions fail if called
+on a QUIC stream SSL object.
If there was already a BIO connected to B<ssl>, BIO_free() will be called
(for both the reading and writing side, if different).
/* For use by tests only. */
QUIC_CHANNEL *ossl_quic_conn_get_channel(SSL *s);
-uint64_t ossl_quic_set_options(SSL *s, uint64_t opts);
-uint64_t ossl_quic_clear_options(SSL *s, uint64_t opts);
-uint64_t ossl_quic_get_options(SSL *s);
+
int ossl_quic_has_pending(const SSL *s);
# endif
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
+#ifndef STATEM_H
+# define STATEM_H
/*****************************************************************************
* *
ossl_statem_mutate_handshake_cb mutate_handshake_cb,
ossl_statem_finish_mutate_handshake_cb finish_mutate_handshake_cb,
void *mutatearg);
+
+#endif
#include <stdio.h>
#include <openssl/objects.h>
#include "ssl_local.h"
+#include "quic/quic_local.h"
#ifndef OPENSSL_NO_SRTP
}
/* SSL_set_options */
+QUIC_TAKES_LOCK
static uint64_t quic_mask_or_options(SSL *ssl, uint64_t mask_value, uint64_t or_value)
{
QCTX ctx;
- uint64_t r, options;
+ uint64_t options;
- if (!expect_quic_with_stream_lock(ssl, /*remote_init=*/-1, &ctx))
+ if (!expect_quic(ssl, &ctx))
return 0;
+ quic_lock(ctx.qc);
+
/*
* Currently most options that we permit are handled in the handshake
* layer.
*/
- options = (SSL_get_options(ctx.qc->tls) & ~mask_value) | or_value;
- options &= OSSL_QUIC_PERMITTED_OPTIONS;
- r = SSL_set_options(ctx.qc->tls, options);
+ or_value &= OSSL_QUIC_PERMITTED_OPTIONS;
+
+ SSL_clear_options(ctx.qc->tls, mask_value);
+ options = SSL_set_options(ctx.qc->tls, or_value);
- if (ctx.xso->stream != NULL && ctx.xso->stream->rstream != NULL)
+ if (ctx.xso != NULL
+ && ctx.xso->stream != NULL
+ && ctx.xso->stream->rstream != NULL)
ossl_quic_rstream_set_cleanse(ctx.xso->stream->rstream,
(options & SSL_OP_CLEANSE_PLAINTEXT) != 0);
quic_unlock(ctx.qc);
- return r;
+ return options;
}
uint64_t ossl_quic_set_options(SSL *ssl, uint64_t options)
{
- return quic_mask_or_options(ssl, UINT64_MAX, options);
+ return quic_mask_or_options(ssl, 0, options);
}
/* SSL_clear_options */
*/
QUIC_TAKES_LOCK
-static size_t ossl_quic_pending_int(const SSL *s)
+static size_t ossl_quic_pending_int(const SSL *s, int check_channel)
{
QCTX ctx;
size_t avail = 0;
if (!ossl_quic_rstream_available(ctx.xso->stream->rstream, &avail, &fin))
avail = 0;
+ if (avail == 0 && check_channel && ossl_quic_channel_has_pending(ctx.qc->ch))
+ avail = 1;
+
out:
quic_unlock(ctx.qc);
return avail;
size_t ossl_quic_pending(const SSL *s)
{
- return ossl_quic_pending_int(s);
+ return ossl_quic_pending_int(s, /*check_channel=*/0);
}
int ossl_quic_has_pending(const SSL *s)
{
/* Do we have app-side pending data or pending URXEs or RXEs? */
- return ossl_quic_pending_int(s) > 0 || ossl_quic_channel_has_pending(qc->ch);
+ return ossl_quic_pending_int(s, /*check_channel=*/1) > 0;
}
/*
int ossl_quic_trace(int write_p, int version, int content_type,
const void *buf, size_t msglen, SSL *ssl, void *arg);
-# define OSSL_QUIC_ANY_VERSION 0x5155
-# ifndef OPENSSL_NO_QUIC
-# define IS_QUIC_METHOD(m) ((m)->version == OSSL_QUIC_ANY_VERSION)
-# define IS_QUIC_SSL(s) ((s) != NULL && \
- ((s)->type == SSL_TYPE_QUIC_CONNECTION || \
- (s)->type == SSL_TYPE_QUIC_STREAM))
-# else
-# define IS_QUIC_METHOD(m) 0
-# define IS_QUIC_SSL(s) 0
-# endif
+# define OSSL_QUIC_ANY_VERSION 0xFFFFF
+# define IS_QUIC_METHOD(m) \
+ ((m) == OSSL_QUIC_client_method() || \
+ (m) == OSSL_QUIC_client_thread_method())
# define IS_QUIC_CTX(ctx) IS_QUIC_METHOD((ctx)->method)
# define QUIC_CONNECTION_FROM_SSL_int(ssl, c) \
# define QUIC_XSO_FROM_SSL_int(ssl, c) NULL
# define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c) NULL
# define IS_QUIC(ssl) 0
+# define IS_QUIC_CTX(ctx) 0
+# define IS_QUIC_METHOD(m) 0
# endif
# define QUIC_CONNECTION_FROM_SSL(ssl) \
#include <errno.h>
#include <assert.h>
#include "../ssl_local.h"
+#include "../quic/quic_local.h"
#include <openssl/evp.h>
#include <openssl/buffer.h>
#include <openssl/rand.h>
{
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
- if (sc == NULL || IS_QUIC_SSL(s))
+ if (sc == NULL || IS_QUIC(s))
return;
sc->rlayer.default_read_buf_len = len;
}
const char *SSL_rstate_string_long(const SSL *s)
{
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
-#ifndef OPENSSL_NO_QUIC
- const QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_CONST_SSL(s);
-#endif
const char *lng;
-#ifndef OPENSSL_NO_QUIC
- if (qc != NULL)
- return "unknown";
-#endif
-
if (sc == NULL)
return NULL;
const char *SSL_rstate_string(const SSL *s)
{
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
-#ifndef OPENSSL_NO_QUIC
- const QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_CONST_SSL(s);
-#endif
const char *shrt;
-#ifndef OPENSSL_NO_QUIC
- if (qc != NULL)
- return "unknown";
-#endif
-
if (sc == NULL)
return NULL;
* Return 0 if there is only one version configured and it was disabled
* at configure time. Return 1 otherwise.
*/
-static int ssl_check_allowed_versions(int min_version, int max_version,
- int is_quic)
+static int ssl_check_allowed_versions(int min_version, int max_version)
{
int minisdtls = 0, maxisdtls = 0;
} else {
/* Regular TLS version checks. */
if (min_version == 0)
- min_version = is_quic ? TLS1_3_VERSION : SSL3_VERSION;
+ min_version = SSL3_VERSION;
if (max_version == 0)
max_version = TLS1_3_VERSION;
#ifdef OPENSSL_NO_TLS1_3
s->max_proto_version = ctx->max_proto_version;
}
- s->min_proto_version = ctx->min_proto_version;
- if (IS_QUIC_CTX(ctx) && s->min_proto_version < TLS1_3_VERSION)
- s->min_proto_version = TLS1_3_VERSION;
-
- s->max_proto_version = ctx->max_proto_version;
- if (IS_QUIC_CTX(ctx) && s->max_proto_version < TLS1_3_VERSION)
- s->max_proto_version = 0;
-
s->mode = ctx->mode;
s->max_cert_list = ctx->max_cert_list;
-
if (!IS_QUIC_CTX(ctx)) {
s->max_early_data = ctx->max_early_data;
s->recv_max_early_data = ctx->recv_max_early_data;
s->msg_callback_arg = ctx->msg_callback_arg;
s->verify_mode = ctx->verify_mode;
s->not_resumable_session_cb = ctx->not_resumable_session_cb;
- if (!IS_QUIC_CTX(ctx)) {
- s->rlayer.record_padding_cb = ctx->record_padding_cb;
- s->rlayer.record_padding_arg = ctx->record_padding_arg;
- s->rlayer.block_padding = ctx->block_padding;
- }
+ s->rlayer.record_padding_cb = ctx->record_padding_cb;
+ s->rlayer.record_padding_arg = ctx->record_padding_arg;
+ s->rlayer.block_padding = ctx->block_padding;
s->sid_ctx_length = ctx->sid_ctx_length;
if (!ossl_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)))
goto err;
}
#ifndef OPENSSL_NO_SOCK
+static const BIO_METHOD *fd_method(SSL *s)
+{
+#ifndef OPENSSL_NO_DGRAM
+ if (IS_QUIC(s))
+ return BIO_s_datagram();
+#endif
+
+ return BIO_s_socket();
+}
+
int SSL_set_fd(SSL *s, int fd)
{
int ret = 0;
BIO *bio = NULL;
- bio = BIO_new(IS_QUIC_SSL(s) ? BIO_s_datagram() : BIO_s_socket());
+ if (s->type == SSL_TYPE_QUIC_XSO) {
+ ERR_raise(ERR_LIB_SSL, SSL_R_CONN_USE_ONLY);
+ goto err;
+ }
+
+ bio = BIO_new(fd_method(s));
if (bio == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
int SSL_set_wfd(SSL *s, int fd)
{
BIO *rbio = SSL_get_rbio(s);
- int desired_type = IS_QUIC_SSL(s) ? BIO_TYPE_DGRAM : BIO_TYPE_SOCKET;
+ int desired_type = IS_QUIC(s) ? BIO_TYPE_DGRAM : BIO_TYPE_SOCKET;
+
+ if (s->type == SSL_TYPE_QUIC_XSO) {
+ ERR_raise(ERR_LIB_SSL, SSL_R_CONN_USE_ONLY);
+ return 0;
+ }
if (rbio == NULL || BIO_method_type(rbio) != desired_type
|| (int)BIO_get_fd(rbio, NULL) != fd) {
- BIO *bio = BIO_new(IS_QUIC_SSL(s) ? BIO_s_datagram() : BIO_s_socket());
+ BIO *bio = BIO_new(fd_method(s));
if (bio == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
int SSL_set_rfd(SSL *s, int fd)
{
BIO *wbio = SSL_get_wbio(s);
- int desired_type = IS_QUIC_SSL(s) ? BIO_TYPE_DGRAM : BIO_TYPE_SOCKET;
+ int desired_type = IS_QUIC(s) ? BIO_TYPE_DGRAM : BIO_TYPE_SOCKET;
+
+ if (s->type == SSL_TYPE_QUIC_XSO) {
+ ERR_raise(ERR_LIB_SSL, SSL_R_CONN_USE_ONLY);
+ return 0;
+ }
if (wbio == NULL || BIO_method_type(wbio) != desired_type
|| ((int)BIO_get_fd(wbio, NULL) != fd)) {
- BIO *bio = BIO_new(IS_QUIC_SSL(s) ? BIO_s_datagram() : BIO_s_socket());
+ BIO *bio = BIO_new(fd_method(s));
if (bio == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
OSSL_PARAM options[2], *opts = options;
- if (sc == NULL || IS_QUIC_SSL(s))
+ if (sc == NULL || IS_QUIC(s))
return;
RECORD_LAYER_set_read_ahead(&sc->rlayer, yes);
{
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
- if (sc == NULL || IS_QUIC_SSL(s))
+ if (sc == NULL || IS_QUIC(s))
return 0;
return RECORD_LAYER_get_read_ahead(&sc->rlayer);
int SSL_has_pending(const SSL *s)
{
-#ifndef OPENSSL_NO_QUIC
- const QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s);
-#endif
-
/*
* Similar to SSL_pending() but returns a 1 to indicate that we have
* processed or unprocessed data available or 0 otherwise (as opposed to the
sc = SSL_CONNECTION_FROM_CONST_SSL(s);
-#ifndef OPENSSL_NO_QUIC
- if (qc != NULL)
- return ossl_quic_has_pending(qc);
-#endif
-
/* Check buffered app data if any first */
if (SSL_CONNECTION_IS_DTLS(sc)) {
TLS_RECORD *rdata;
int ret;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
- if (sc == NULL)
- return 0;
-
- if (!sc->server) {
+ /* TODO(QUIC 0RTT): 0-RTT support */
+ if (sc == NULL || !sc->server) {
ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return SSL_READ_EARLY_DATA_ERROR;
}
{
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
+ /* TODO(QUIC 0RTT): 0-RTT support */
if (sc == NULL)
return 0;
switch (cmd) {
case SSL_CTRL_GET_READ_AHEAD:
- if (IS_QUIC_SSL(s))
+ if (IS_QUIC(s))
return 0;
return RECORD_LAYER_get_read_ahead(&sc->rlayer);
case SSL_CTRL_SET_READ_AHEAD:
- if (IS_QUIC_SSL(s))
+ if (IS_QUIC(s))
return 0;
l = RECORD_LAYER_get_read_ahead(&sc->rlayer);
RECORD_LAYER_set_read_ahead(&sc->rlayer, larg);
sc->max_cert_list = (size_t)larg;
return l;
case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
- if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH || IS_QUIC_SSL(s))
+ if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH || IS_QUIC(s))
return 0;
#ifndef OPENSSL_NO_KTLS
if (sc->wbio != NULL && BIO_get_ktls_send(sc->wbio))
sc->rlayer.wrlmethod->set_max_frag_len(sc->rlayer.wrl, larg);
return 1;
case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
- if ((size_t)larg > sc->max_send_fragment || larg == 0 || IS_QUIC_SSL(s))
+ if ((size_t)larg > sc->max_send_fragment || larg == 0 || IS_QUIC(s))
return 0;
sc->split_send_fragment = larg;
return 1;
case SSL_CTRL_SET_MAX_PIPELINES:
- if (larg < 1 || larg > SSL_MAX_PIPELINES || IS_QUIC_SSL(s))
+ if (larg < 1 || larg > SSL_MAX_PIPELINES || IS_QUIC(s))
return 0;
sc->max_pipelines = larg;
if (sc->rlayer.rrlmethod->set_max_pipelines != NULL)
else
return 0;
case SSL_CTRL_SET_MIN_PROTO_VERSION:
- return ssl_check_allowed_versions(larg, sc->max_proto_version,
- IS_QUIC_SSL(s))
+ return ssl_check_allowed_versions(larg, sc->max_proto_version)
&& ssl_set_version_bound(s->defltmeth->version, (int)larg,
&sc->min_proto_version);
case SSL_CTRL_GET_MIN_PROTO_VERSION:
return sc->min_proto_version;
case SSL_CTRL_SET_MAX_PROTO_VERSION:
- if (IS_QUIC_SSL(s) && larg < TLS1_3_VERSION)
- return 0;
- return ssl_check_allowed_versions(sc->min_proto_version, larg,
- IS_QUIC_SSL(s))
+ return ssl_check_allowed_versions(sc->min_proto_version, larg)
&& ssl_set_version_bound(s->defltmeth->version, (int)larg,
&sc->max_proto_version);
case SSL_CTRL_GET_MAX_PROTO_VERSION:
case SSL_CTRL_CLEAR_CERT_FLAGS:
return (ctx->cert->cert_flags &= ~larg);
case SSL_CTRL_SET_MIN_PROTO_VERSION:
- return ssl_check_allowed_versions(larg, ctx->max_proto_version, 0)
+ return ssl_check_allowed_versions(larg, ctx->max_proto_version)
&& ssl_set_version_bound(ctx->method->version, (int)larg,
&ctx->min_proto_version);
case SSL_CTRL_GET_MIN_PROTO_VERSION:
return ctx->min_proto_version;
case SSL_CTRL_SET_MAX_PROTO_VERSION:
- return ssl_check_allowed_versions(ctx->min_proto_version, larg, 0)
+ return ssl_check_allowed_versions(ctx->min_proto_version, larg)
&& ssl_set_version_bound(ctx->method->version, (int)larg,
&ctx->max_proto_version);
case SSL_CTRL_GET_MAX_PROTO_VERSION:
BIO *b;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
- if (sc == NULL || IS_QUIC_SSL(ssl))
+ if (sc == NULL || IS_QUIC(ssl))
return 0;
b = SSL_get_wbio(ssl);
{
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
- if (sc == NULL || (IS_QUIC_SSL(ssl) && block_size > 1))
+ if (sc == NULL || (IS_QUIC(ssl) && block_size > 1))
return 0;
/* block size of 0 or 1 is basically no padding */
return 0;
/* QUIC buffers are always 'in use'. */
- if (IS_QUIC_SSL(ssl))
+ if (IS_QUIC(ssl))
return 0;
rl = &sc->rlayer;
return 0;
/* QUIC always has buffers allocated. */
- if (IS_QUIC_SSL(ssl))
+ if (IS_QUIC(ssl))
return 1;
rl = &sc->rlayer;
{
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
- if (sc == NULL || IS_QUIC_SSL(s))
+ if (sc == NULL || IS_QUIC(s))
return 0;
sc->max_early_data = max_early_data;
{
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
- if (sc == NULL || IS_QUIC_SSL(s))
+ if (sc == NULL || IS_QUIC(s))
return 0;
sc->recv_max_early_data = recv_max_early_data;
int ret;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
- if (sc == NULL || IS_QUIC_SSL(s))
+ if (sc == NULL || IS_QUIC(s))
return 0;
/* Ensure there is no state left over from a previous invocation */
void SSL_set_post_handshake_auth(SSL *ssl, int val)
{
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
-#ifndef OPENSSL_NO_QUIC
- QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(ssl);
- if (qc != NULL)
+#ifndef OPENSSL_NO_QUIC
+ if (IS_QUIC(ssl))
return;
#endif
int SSL_verify_client_post_handshake(SSL *ssl)
{
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
-#ifndef OPENSSL_NO_QUIC
- QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(ssl);
- if (qc != NULL) {
+#ifndef OPENSSL_NO_QUIC
+ if (IS_QUIC(ssl)) {
ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
return 0;
}
{
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
- if (sc == NULL || IS_QUIC_SSL(s))
+ if (sc == NULL || IS_QUIC(s))
return;
sc->allow_early_data_cb = cb;
#include "internal/sizes.h"
#include "internal/tlsgroups.h"
#include "ssl_local.h"
+#include "quic/quic_local.h"
#include <openssl/ct.h>
static const SIGALG_LOOKUP *find_sig_alg(SSL_CONNECTION *s, X509 *x, EVP_PKEY *pkey);
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL
- || (IS_QUIC_SSL(ssl) && mode != TLSEXT_max_fragment_length_DISABLED))
+ || (IS_QUIC(ssl) && mode != TLSEXT_max_fragment_length_DISABLED))
return 0;
if (mode != TLSEXT_max_fragment_length_DISABLED
|| !TEST_false(SSL_set_max_pipelines(ssl, 2)))
goto err;
- /* Protocol Version */
- if (!TEST_false(SSL_set_max_proto_version(ssl, TLS1_2_VERSION))
- || !TEST_true(SSL_set_max_proto_version(ssl, TLS1_3_VERSION)))
- goto err;
-
/* HRR */
if (!TEST_false(SSL_stateless(ssl)))
goto err;
+++ /dev/null
-# Generated with generate_ssl_tests.pl
-
-num_tests = 1
-
-test-0 = 0-certstatus-good
-# ===========================================================
-
-[0-certstatus-good]
-ssl_conf = 0-certstatus-good-ssl
-
-[0-certstatus-good-ssl]
-server = 0-certstatus-good-server
-client = 0-certstatus-good-client
-
-[0-certstatus-good-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-certstatus-good-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = Success
-Method = QUIC
-
-
+++ /dev/null
-# -*- mode: perl; -*-
-# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License"). You may not use
-# this file except in compliance with the License. You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## Basic test of the QUIC protocol
-
-use strict;
-use warnings;
-
-package ssltests;
-
-
-our @tests = (
- {
- name => "certstatus-good",
- server => {},
- client => {},
- test => {
- "Method" => "QUIC",
- "ExpectedResult" => "Success"
- }
- }
-);
projects / openssl.git / commitdiff