Commit 3d3021afdf for openssl.org
commit 3d3021afdfd792c2d0c1dbf8c9e61d0040c3d695
Author: Neil Horman <nhorman@openssl.org>
Date: Fri Apr 11 15:09:54 2025 -0400
Update port_make_channel to behave for accept_ex/accept_connection
Based on the value of the using_peeloff flag, we need to choose if we're
going to create a user_ssl when creating a new channel
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27397)
diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index c141fa7052..122264b09c 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -4698,13 +4698,13 @@ SSL *ossl_quic_accept_connection(SSL *ssl, uint64_t flags)
if (!ql_listen(ctx.ql))
goto out;
- if (ossl_quic_get_using_peeloff(ctx.ql->port) == 1) {
+ if (ossl_quic_port_get_using_peeloff(ctx.ql->port) == 1) {
QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
"This listener is using SSL_accept_ex");
goto out;
}
- ossl_quic_set_using_peeloff(ctx.ql->port, -1);
+ ossl_quic_port_set_using_peeloff(ctx.ql->port, -1);
/* Wait for an incoming connection if needed. */
new_ch = ossl_quic_port_pop_incoming(ctx.ql->port);
diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c
index 8264699f87..8043fde4ff 100644
--- a/ssl/quic/quic_port.c
+++ b/ssl/quic/quic_port.c
@@ -533,28 +533,34 @@ static QUIC_CHANNEL *port_make_channel(QUIC_PORT *port, SSL *tls, OSSL_QRX *qrx,
if (ch == NULL)
return NULL;
- /*
- * Fixup the channel tls connection here before we init the channel
- */
- ch->tls = (tls != NULL) ? tls : port_new_handshake_layer(port, ch);
-
- if (ch->tls == NULL) {
- OPENSSL_free(ch);
- return NULL;
- }
-
+ if (tls != NULL) {
+ ch->tls = tls;
+ } else {
+ if (ossl_quic_port_get_using_peeloff(port) <= 0) {
+ ossl_quic_port_set_using_peeloff(port, -1);
+ /*
+ * We're using the normal SSL_accept_connection_path
+ */
+ ch->tls = port_new_handshake_layer(port, ch);
#ifndef OPENSSL_NO_QLOG
- /*
- * If we're using qlog, make sure the tls get further configured properly
- */
- ch->use_qlog = 1;
- if (ch->tls->ctx->qlog_title != NULL) {
- if ((ch->qlog_title = OPENSSL_strdup(ch->tls->ctx->qlog_title)) == NULL) {
- OPENSSL_free(ch);
- return NULL;
+ /*
+ * If we're using qlog, make sure the tls get further configured properly
+ */
+ ch->use_qlog = 1;
+ if (ch->tls->ctx->qlog_title != NULL) {
+ if ((ch->qlog_title = OPENSSL_strdup(ch->tls->ctx->qlog_title)) == NULL) {
+ OPENSSL_free(ch);
+ return NULL;
+ }
+ }
+#endif
+ } else {
+ /*
+ * We're deferring user ssl creation until SSL_accept_ex is called
+ */
+ ch->tls = NULL;
}
}
-#endif
/*
* And finally init the channel struct
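Review bot: The NULL check on the result of port_new_handshake_layer() was removed along with the old assignment, so in the SSL_accept_connection branch a failed call leaves `ch->tls` NULL and the qlog block directly below dereferences `ch->tls->ctx`. Restore the guard right after the call, before `#ifndef OPENSSL_NO_QLOG`: `if (ch->tls == NULL) { OPENSSL_free(ch); return NULL; }`. With qlog compiled out, the failure would presumably reach channel init as a NULL tls, which is the same state the new SSL_accept_ex branch sets on purpose, so later code could not tell the two cases apart. port_make_channel starts and ends outside this hunk, so check there how the rest of the function treats a NULL `ch->tls`.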