QUIC SSL: SSL_set_quiet_shutdown

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #20061)
openssl · Jul 4, 2023 · f66f0d3 · f66f0d3
1 parent 3ea30e7
commit f66f0d3
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 3 deletions.
diff --git a/doc/man3/SSL_CTX_set_quiet_shutdown.pod b/doc/man3/SSL_CTX_set_quiet_shutdown.pod
@@ -30,6 +30,8 @@ B<mode> may be 0 or 1.
 
 SSL_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ssl>.
 
+These functions are not supported for QUIC SSL objects.
+
 =head1 NOTES
 
 Normally when a SSL connection is finished, the parties must send out

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
@@ -822,7 +822,7 @@ SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, const SSL_METHOD *method)
     if (s->param == NULL)
         goto asn1err;
     X509_VERIFY_PARAM_inherit(s->param, ctx->param);
-    s->quiet_shutdown = ctx->quiet_shutdown;
+    s->quiet_shutdown = IS_QUIC_CTX(ctx) ? 0 : ctx->quiet_shutdown;
 
     if (!IS_QUIC_CTX(ctx))
         s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode;
@@ -5123,7 +5123,7 @@ void SSL_set_quiet_shutdown(SSL *s, int mode)
 {
     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
 
-    /* TODO(QUIC): Do we want this for QUIC? */
+    /* TODO(QUIC): Currently not supported for QUIC. */
     if (sc == NULL)
         return;
 
@@ -5134,7 +5134,7 @@ int SSL_get_quiet_shutdown(const SSL *s)
 {
     const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
 
-    /* TODO(QUIC): Do we want this for QUIC? */
+    /* TODO(QUIC): Currently not supported for QUIC. */
     if (sc == NULL)
         return 0;
 

diff --git a/test/quicapitest.c b/test/quicapitest.c
@@ -438,6 +438,7 @@ static int test_quic_forbidden_options(void)
     SSL_CTX_set_read_ahead(ctx, 1);
     SSL_CTX_set_max_early_data(ctx, 1);
     SSL_CTX_set_recv_max_early_data(ctx, 1);
+    SSL_CTX_set_quiet_shutdown(ctx, 1);
 
     if (!TEST_ptr(ssl = SSL_new(ctx)))
         goto err;
@@ -509,6 +510,10 @@ static int test_quic_forbidden_options(void)
     if  (!TEST_false(SSL_stateless(ssl)))
         goto err;
 
+    /* Quiet Shutdown */
+    if (!TEST_false(SSL_get_quiet_shutdown(ssl)))
+        goto err;
+
     testresult = 1;
 err:
     SSL_free(ssl);