-rw-r--r--doc/man3/BIO_f_ssl.pod2
-rw-r--r--doc/man3/SSL_CTX_set_ssl_version.pod3
-rw-r--r--ssl/ssl_lib.c12
3 files changed, 14 insertions, 3 deletions
diff --git a/doc/man3/BIO_f_ssl.pod b/doc/man3/BIO_f_ssl.pod
index 365168646a..371c124388 100644
--- a/doc/man3/BIO_f_ssl.pod
+++ b/doc/man3/BIO_f_ssl.pod
@@ -131,6 +131,8 @@ BIO_set_ssl(), BIO_get_ssl(), BIO_set_ssl_mode(),
BIO_set_ssl_renegotiate_bytes(), BIO_set_ssl_renegotiate_timeout(),
BIO_get_num_renegotiates(), and BIO_do_handshake() are implemented as macros.
+BIO_ssl_copy_session_id() is not currently supported on QUIC SSL objects.
+
=head1 RETURN VALUES
BIO_f_ssl() returns the SSL B<BIO_METHOD> structure.
diff --git a/doc/man3/SSL_CTX_set_ssl_version.pod b/doc/man3/SSL_CTX_set_ssl_version.pod
index 10aa63f729..a311b1bf58 100644
--- a/doc/man3/SSL_CTX_set_ssl_version.pod
+++ b/doc/man3/SSL_CTX_set_ssl_version.pod
@@ -47,6 +47,9 @@ it would usually be preferable to create a new SSL_CTX object than to
try to reuse an existing one in this fashion. Its usage is considered
deprecated.
+SSL_set_ssl_method() cannot be used to change a non-QUIC SSL object to a QUIC
+SSL object or vice versa.
+
=head1 RETURN VALUES
The following return values can occur for SSL_CTX_set_ssl_version()
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index ce3a4cc89f..057c8e895a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -672,6 +672,11 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
{
STACK_OF(SSL_CIPHER) *sk;
+ if (IS_QUIC_CTX(ctx)) {
+ ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
+ return 0;
+ }
+
ctx->method = meth;
if (!SSL_CTX_set_ciphersuites(ctx, OSSL_default_ciphersuites())) {
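Review bot: The guard added at the top of SSL_CTX_set_ssl_version() tests only whether `ctx` is already a QUIC context; nothing visible in this hunk stops a QUIC `meth` from being assigned to a TLS context by the `ctx->method = meth;` line that follows. The SSL_set_ssl_method() hunk later in this file does refuse that direction with `IS_QUIC_METHOD(meth)`, so if the same rule is intended here the condition could be `if (IS_QUIC_CTX(ctx) || IS_QUIC_METHOD(meth)) {`. The new failure case is also not described in the SSL_CTX_set_ssl_version.pod change, which mentions only SSL_set_ssl_method(). The function body continues past the end of the hunk.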
@@ -1990,7 +1995,7 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
int SSL_copy_session_id(SSL *t, const SSL *f)
{
int i;
- /* TODO(QUIC): Do we want to support this for QUIC connections? */
+ /* TODO(QUIC): Not allowed for QUIC currently. */
SSL_CONNECTION *tsc = SSL_CONNECTION_FROM_SSL_ONLY(t);
const SSL_CONNECTION *fsc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(f);
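Review bot: The reworded comment in SSL_copy_session_id() states a policy but not how it is enforced, and it keeps the `TODO(QUIC)` tag although the question it used to ask has been answered. The rejection presumably relies on the `_ONLY` accessor macros yielding NULL for QUIC objects and on a NULL check that lies outside this hunk; if so, a comment such as `/* Not supported for QUIC: the _ONLY accessors return NULL for QUIC objects and we fail below. */` would let a reader verify the claim. No error is visibly raised on that path, so callers may see a bare 0 return.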
@@ -4530,9 +4535,10 @@ int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
int ret = 1;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
- /* TODO(QUIC): Do we want this for QUIC? */
+ /* Not allowed for QUIC */
if (sc == NULL
- || (s->type != SSL_TYPE_SSL_CONNECTION && s->method != meth))
+ || (s->type != SSL_TYPE_SSL_CONNECTION && s->method != meth)
+ || (s->type == SSL_TYPE_SSL_CONNECTION && IS_QUIC_METHOD(meth)))
return 0;
if (s->method != meth) {
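Review bot: The new `IS_QUIC_METHOD(meth)` clause in SSL_set_ssl_method() returns 0 without putting anything on the error queue, whereas the matching rejection added to SSL_CTX_set_ssl_version() in this commit raises `SSL_R_WRONG_SSL_VERSION`. A caller that gets 0 here cannot tell a refused TLS/QUIC switch from a NULL connection. Splitting the type checks out of the combined condition would allow `ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);` before `return 0;` for the two mismatch cases. The short comment `/* Not allowed for QUIC */` could also say both directions are refused, as the .pod text does. The function starts before and continues after this hunk.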