Merging upstream version 4.23.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 23 insertions, 7 deletions

diff --git a/upstream/debian-unstable/man3/SSL_key_update.3ssl b/upstream/debian-unstable/man3/SSL_key_update.3ssl
index fd1faf30..be9efb26 100644
--- a/upstream/debian-unstable/man3/SSL_key_update.3ssl
+++ b/upstream/debian-unstable/man3/SSL_key_update.3ssl
@@ -55,7 +55,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_KEY_UPDATE 3SSL"
-.TH SSL_KEY_UPDATE 3SSL 2024-02-03 3.1.5 OpenSSL
+.TH SSL_KEY_UPDATE 3SSL 2024-04-04 3.2.2-dev OpenSSL
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -91,11 +91,11 @@ peer to additionally update its sending keys. It is an error if \fBupdatetype\fR
 set to \fBSSL_KEY_UPDATE_NONE\fR.
 .PP
 \&\fBSSL_key_update()\fR must only be called after the initial handshake has been
-completed and TLSv1.3 has been negotiated, at the same time, the application
-needs to ensure that the writing of data has been completed. The key update
-will not take place until the next time an IO operation such as \fBSSL_read_ex()\fR
-or \fBSSL_write_ex()\fR takes place on the connection. Alternatively \fBSSL_do_handshake()\fR
-can be called to force the update to take place immediately.
+completed and TLSv1.3 or QUIC has been negotiated, at the same time, the
+application needs to ensure that the writing of data has been completed. The key
+update will not take place until the next time an IO operation such as
+\&\fBSSL_read_ex()\fR or \fBSSL_write_ex()\fR takes place on the connection. Alternatively
+\&\fBSSL_do_handshake()\fR can be called to force the update to take place immediately.
 .PP
 \&\fBSSL_get_key_update_type()\fR can be used to determine whether a key update
 operation has been scheduled but not yet performed. The type of the pending key
@@ -135,6 +135,22 @@ the session in the new handshake.
 .PP
 The \fBSSL_renegotiate_pending()\fR function returns 1 if a renegotiation or
 renegotiation request has been scheduled but not yet acted on, or 0 otherwise.
+.SH "USAGE WITH QUIC"
+.IX Header "USAGE WITH QUIC"
+\&\fBSSL_key_update()\fR can also be used to perform a key update when using QUIC. The
+function must be called on a QUIC connection SSL object. This is normally done
+automatically when needed. Since a locally initiated QUIC key update always
+causes a peer to also trigger a key update, passing
+\&\fBSSL_KEY_UPDATE_NOT_REQUESTED\fR as \fBupdatetype\fR has the same effect as passing
+\&\fBSSL_KEY_UPDATE_REQUESTED\fR.
+.PP
+The QUIC connection must have been fully established before a key update can be
+performed, and other QUIC protocol rules govern how frequently QUIC key update
+can be performed. \fBSSL_key_update()\fR will fail if these requirements are not met.
+.PP
+Because QUIC key updates are always handled immediately,
+\&\fBSSL_get_key_update_type()\fR always returns SSL_KEY_UPDATE_NONE when called on a
+QUIC connection SSL object.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 \&\fBSSL_key_update()\fR, \fBSSL_renegotiate()\fR and \fBSSL_renegotiate_abbreviated()\fR return 1
@@ -156,7 +172,7 @@ The \fBSSL_key_update()\fR and \fBSSL_get_key_update_type()\fR functions were ad
 OpenSSL 1.1.1.
 .SH COPYRIGHT
 .IX Header "COPYRIGHT"
-Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy