use. This provides the client write master key, the server write master key, the
client write master salt and the server write master salt in that order.
+These functions cannot be used with QUIC SSL objects.
+
=head1 RETURN VALUES
SSL_CTX_set_tlsext_use_srtp() and SSL_set_tlsext_use_srtp() return 0 on success
int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
{
+ if (IS_QUIC_METHOD(ctx->method))
+ return 1;
+
return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
}
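Review bot: The new QUIC rejection in SSL_CTX_set_tlsext_use_srtp() returns 1 without putting anything on the error queue. As far as the hunk shows, a caller gets the same value as any other failure and cannot tell that SRTP is simply unsupported for this method. Consider raising an error before the return, e.g. `ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);`, and doing the same on the `sc == NULL` path of SSL_set_tlsext_use_srtp() in the next hunk, which now also returns 1 silently. These functions use the inverted convention (0 is success), so a comment above the check such as `/* SRTP is not valid with QUIC; nonzero means failure here */` would help readers who expect 1 to mean success.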
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
if (sc == NULL)
- return 0;
+ return 1;
return ssl_ctx_make_profiles(profiles, &sc->srtp_profiles);
}
if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL)
goto err;
/* override the user_ssl of the inner connection */
- sc->user_ssl = ssl_base;
- sc->flags |= TLS1_FLAGS_QUIC;
+ sc->user_ssl = ssl_base;
+ sc->s3.flags |= TLS1_FLAGS_QUIC;
#if defined(OPENSSL_THREADS)
if ((qc->mutex = ossl_crypto_mutex_new()) == NULL)
int ossl_quic_trace(int write_p, int version, int content_type,
const void *buf, size_t msglen, SSL *ssl, void *arg);
-# define OSSL_QUIC_ANY_VERSION 0xFFFFF
+# define OSSL_QUIC_ANY_VERSION 0x5155
+# define IS_QUIC_METHOD(m) ((m)->version == OSSL_QUIC_ANY_VERSION)
# define QUIC_CONNECTION_FROM_SSL_int(ssl, c) \
((ssl) == NULL ? NULL \
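Review bot: `OSSL_QUIC_ANY_VERSION` is now both a version value and, through `IS_QUIC_METHOD`, the predicate that gates handshake-layer APIs. Nothing at the definition says why 0x5155 was chosen, or that it must stay distinct from every TLS and DTLS version number. I would add a comment above the define, for example `/* "QU" in ASCII; must never collide with a TLS/DTLS version value */`. The macro also dereferences `m` unconditionally, so the same comment should state that callers must pass a non-NULL method.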
}
#endif
+/*
+ * Test that handshake-layer APIs which shouldn't work don't work with QUIC.
+ */
+static int test_quic_forbidden_apis(void)
+{
+ int testresult = 0;
+ SSL_CTX *ctx = NULL;
+ SSL *ssl = NULL;
+
+ if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
+ goto err;
+
+ /* This function returns 0 on success and 1 on error, and should fail. */
+ if (!TEST_true(SSL_CTX_set_tlsext_use_srtp(ctx, "SRTP_AEAD_AES_128_GCM")))
+ goto err;
+
+ if (!TEST_ptr(ssl = SSL_new(ctx)))
+ goto err;
+
+ /* This function returns 0 on success and 1 on error, and should fail. */
+ if (!TEST_true(SSL_set_tlsext_use_srtp(ssl, "SRTP_AEAD_AES_128_GCM")))
+ goto err;
+
+ testresult = 1;
+err:
+ SSL_free(ssl);
+ SSL_CTX_free(ctx);
+ return testresult;
+}
+
OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")
int setup_tests(void)
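Review bot: Both checks in test_quic_forbidden_apis() only assert that the call returned nonzero, so the test would still pass if a profile list were stored before the error return. A state check after each call would pin the property that matters, for instance `if (!TEST_ptr_null(SSL_get_srtp_profiles(ssl))) goto err;` after the SSL_set_tlsext_use_srtp() call (this assumes SSL_get_srtp_profiles() accepts a QUIC object; confirm). The two comments say the function "should fail" while the assertion is `TEST_true`, which reads as a contradiction at first glance; `/* Returns 0 on success, nonzero on error; expect nonzero for QUIC. */` is clearer. Only the client method is exercised, so a server-method context would need its own case if it is meant to be covered.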
#if !defined(OPENSSL_NO_SSL_TRACE) && !defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_ZLIB)
ADD_TEST(test_ssl_trace);
#endif
-
+ ADD_TEST(test_quic_forbidden_apis);
return 1;
err:
cleanup_tests();