QUIC TLS: Prohibit SRTP-related calls for QUIC TLS

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)
author: Hugo Landau <hlandau@openssl.org> 2023-01-16 16:18:55 +0100
committer: Pauli <pauli@openssl.org> 2023-07-05 01:02:26 +0200
commit: f082205bcfc8e361e53bb2f39f46b46097ec784a (patch)
tree: aa54e7691742a26ffb8b00db5f74b12e6660c423 /ssl/d1_srtp.c
parent: QUIC SSL Behaviours: Allow detection of an SSL connection used for QUIC hands... (diff)
download: openssl-f082205bcfc8e361e53bb2f39f46b46097ec784a.tar.xz
openssl-f082205bcfc8e361e53bb2f39f46b46097ec784a.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index 557336a064..13f6bbd0a0 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -139,6 +139,9 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
 
 int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
 {
+    if (IS_QUIC_METHOD(ctx->method))
+        return 1;
+
     return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
 }
 
@@ -147,7 +150,7 @@ int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
 
     if (sc == NULL)
-        return 0;
+        return 1;
 
     return ssl_ctx_make_profiles(profiles, &sc->srtp_profiles);
 }
author	Hugo Landau <hlandau@openssl.org>	2023-01-16 16:18:55 +0100
committer	Pauli <pauli@openssl.org>	2023-07-05 01:02:26 +0200
commit	f082205bcfc8e361e53bb2f39f46b46097ec784a (patch)
tree	aa54e7691742a26ffb8b00db5f74b12e6660c423 /ssl/d1_srtp.c
parent	QUIC SSL Behaviours: Allow detection of an SSL connection used for QUIC hands... (diff)
download	openssl-f082205bcfc8e361e53bb2f39f46b46097ec784a.tar.xz openssl-f082205bcfc8e361e53bb2f39f46b46097ec784a.zip