From f082205bcfc8e361e53bb2f39f46b46097ec784a Mon Sep 17 00:00:00 2001
From: Hugo Landau <hlandau@openssl.org>
Date: Mon, 16 Jan 2023 15:18:55 +0000
Subject: QUIC TLS: Prohibit SRTP-related calls for QUIC TLS

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
---
 ssl/d1_srtp.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'ssl/d1_srtp.c')

diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index 557336a064..13f6bbd0a0 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -139,6 +139,9 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
 
 int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
 {
+    if (IS_QUIC_METHOD(ctx->method))
+        return 1;
+
     return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
 }
 
@@ -147,7 +150,7 @@ int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
 
     if (sc == NULL)
-        return 0;
+        return 1;
 
     return ssl_ctx_make_profiles(profiles, &sc->srtp_profiles);
 }
-- 
cgit v1.2.3