5 files changed, 29 insertions, 0 deletions

diff --git a/include/internal/quic_ssl.h b/include/internal/quic_ssl.h
index 97ee2c9218..86dca6bb30 100644
--- a/include/internal/quic_ssl.h
+++ b/include/internal/quic_ssl.h
@@ -66,6 +66,7 @@ BIO *ossl_quic_conn_get_net_wbio(const SSL *s);
 __owur int ossl_quic_conn_set_initial_peer_addr(SSL *s,
                                                 const BIO_ADDR *peer_addr);
 __owur SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags);
+__owur SSL *ossl_quic_get0_connection(SSL *s);
 
 /*
  * Used to override ossl_time_now() for debug purposes. Must be called before
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index 9593e6bfed..869a74ae85 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -2266,6 +2266,7 @@ __owur int SSL_net_write_desired(SSL *s);
 __owur int SSL_set_blocking_mode(SSL *s, int blocking);
 __owur int SSL_get_blocking_mode(SSL *s);
 __owur int SSL_set_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
 
 #define SSL_STREAM_FLAG_UNI     (1U << 0)
 __owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 01b99c5461..3ed03b1c86 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -1822,6 +1822,20 @@ int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
 }
 
 /*
+ * SSL_get0_connection
+ * -------------------
+ */
+SSL *ossl_quic_get0_connection(SSL *s)
+{
+    QCTX ctx;
+
+    if (!expect_quic(s, &ctx))
+        return NULL;
+
+    return &ctx.qc->ssl;
+}
+
+/*
  * QUIC Front-End I/O API: SSL_CTX Management
  * ==========================================
  */
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 56cbbac5f8..31905a23d4 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -7311,6 +7311,18 @@ SSL *SSL_new_stream(SSL *s, uint64_t flags)
 #endif
 }
 
+SSL *SSL_get0_connection(SSL *s)
+{
+#ifndef OPENSSL_NO_QUIC
+    if (!IS_QUIC(s))
+        return s;
+
+    return ossl_quic_get0_connection(s);
+#else
+    return s;
+#endif
+}
+
 int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk)
 {
     unsigned char *data = NULL;
diff --git a/util/libssl.num b/util/libssl.num
index 6358356663..78a2676b4d 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -561,3 +561,4 @@ d2i_SSL_SESSION_ex                      ?	3_2_0	EXIST::FUNCTION:
 SSL_is_tls                              ?	3_2_0	EXIST::FUNCTION:
 SSL_is_quic                             ?	3_2_0	EXIST::FUNCTION:
 SSL_new_stream                          ?	3_2_0	EXIST::FUNCTION:
+SSL_get0_connection                     ?	3_2_0	EXIST::FUNCTION: