Ensure the QUIC TLS SSL object is marked as shutdown
author Matt Caswell <matt@openssl.org>
Fri, 28 Jul 2023 15:04:14 +0000 (16:04 +0100)
committer Hugo Landau <hlandau@openssl.org>
Wed, 2 Aug 2023 19:27:07 +0000 (20:27 +0100)
If we shutdown the QUIC connection then we should mark the underlying
TLS SSL object as shutdown as well. Otherwise any sessions are considered
unusable for resumption.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21591)

ssl/quic/quic_impl.c

index 1e983e3fc08d10d19e62d93608a4b7d61caea21a..89475f3889151cb5489e1ffd681f8d02050795f8 100644 (file)
@@ -1203,6 +1203,8 @@ int ossl_quic_conn_shutdown(SSL *s, uint64_t flags,
     ossl_quic_channel_local_close(ctx.qc->ch,
                                   args != NULL ? args->quic_error_code : 0);
 
+    SSL_set_shutdown(ctx.qc->tls, SSL_SENT_SHUTDOWN);
+
     if (ossl_quic_channel_is_terminated(ctx.qc->ch)) {
         quic_unlock(ctx.qc);
         return 1;
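
Review bot: The added SSL_set_shutdown(ctx.qc->tls, SSL_SENT_SHUTDOWN) line has no comment, and from the code alone it is not clear why a TLS-level shutdown flag is set when the close itself is done on the QUIC channel by ossl_quic_channel_local_close(). A one-line comment above the call saying the flag is set so the session stays usable for resumption, as the commit message explains, would keep that reason with the code. The call also sits before the ossl_quic_channel_is_terminated() check, so it runs whether or not the channel has already terminated. If this function can be entered more than once while a close is in progress, it is worth confirming that setting the flag each time is intended.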