• Bug#1108958: unblock: openssl (14/16)

    From Sebastian Andrzej Siewior@21:1/5 to Paul Gevers on Sat Jul 12 19:20:02 2025
    [continued from previous message]

    + SSL *clientssl = NULL, *serverssl = NULL, *qlistener = NULL;
    + int testresult = 0;
    + int ret, i;
    +
    + if (!TEST_ptr(sctx = create_server_ctx())
    + || !TEST_ptr(cctx = create_client_ctx()))
    + goto err;
    +
    + if (!create_quic_ssl_objects(sctx, cctx, &qlistener, &clientssl))
    + goto err;
    +
    + /* Calling SSL_accept() on a listener is expected to fail */
    + ret = SSL_accept(qlistener);
    + if (!TEST_int_le(ret, 0)
    + || !TEST_int_eq(SSL_get_error(qlistener, ret), SSL_ERROR_SSL))
    + goto err;
    +
    + /* Send ClientHello and server retry */
    + for (i = 0; i < 2; i++) {
    + ret = SSL_connect(clientssl);
    + if (!TEST_int_le(ret, 0)
    + || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_WANT_READ))
    + goto err;
    + SSL_handle_events(qlistener);
    + }
    +
    + /* We expect a server SSL object which has not yet completed its handshake */
    + serverssl = SSL_accept_connection(qlistener, 0);
    + if (!TEST_ptr(serverssl) || !TEST_false(SSL_is_init_finished(serverssl)))
    + goto err;
    +
    + /* Call SSL_accept() and SSL_connect() until we are connected */
    + if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
    + SSL_ERROR_NONE, 0, 0)))
    + goto err;
    +
    + testresult = 1;
    +
    + err:
    + SSL_free(serverssl);
    + SSL_free(clientssl);
    + SSL_free(qlistener);
    + SSL_CTX_free(sctx);
    + SSL_CTX_free(cctx);
    +
    + return testresult;
    +}
    +
    +static SSL *quic_verify_ssl = NULL;
    +
    +static int quic_verify_cb(int ok, X509_STORE_CTX *ctx)
    +{
    + SSL *cssl = (SSL *)X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
    +
    + /* Confirm we got the SSL object we were expecting */
    + return TEST_ptr_eq(cssl, quic_verify_ssl);
    +}
    +
    +static int test_ssl_set_verify(void)
    +{
    + SSL_CTX *cctx = NULL, *sctx = NULL;
    + SSL *clientssl = NULL, *serverssl = NULL, *qlistener = NULL;
    + int testresult = 0;
    + int ret, i;
    +
    + if (!TEST_ptr(sctx = create_server_ctx())
    + || !TEST_ptr(cctx = create_client_ctx()))
    + goto err;
    +
    + if (!create_quic_ssl_objects(sctx, cctx, &qlistener, &clientssl))
    + goto err;
    +
    + quic_verify_ssl = clientssl;
    + SSL_set_verify(clientssl, SSL_VERIFY_PEER, quic_verify_cb);
    +
    + /* Send ClientHello and server retry */
    + for (i = 0; i < 2; i++) {
    + ret = SSL_connect(clientssl);
    + if (!TEST_int_le(ret, 0)
    + || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_WANT_READ))
    + goto err;
    + SSL_handle_events(qlistener);
    + }
    +
    + /* We expect a server SSL object which has not yet completed its handshake */
    + serverssl = SSL_accept_connection(qlistener, 0);
    +
    + /* Call SSL_accept() and SSL_connect() until we are connected */
    + if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
    + SSL_ERROR_NONE, 0, 0)))
    + goto err;
    +
    + testresult = 1;
    +
    + err:
    + SSL_free(serverssl);
    + SSL_free(clientssl);
    + SSL_free(qlistener);
    + SSL_CTX_free(sctx);
    + SSL_CTX_free(cctx);
    +
    + return testresult;
    +}
    +
    /***********************************************************************************/
    OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")

    @@ -2786,6 +2962,8 @@
    ADD_TEST(test_new_token);
    #endif
    ADD_TEST(test_server_method_with_ssl_new);
    + ADD_TEST(test_ssl_accept_connection);
    + ADD_TEST(test_ssl_set_verify);
    return 1;
    err:
    cleanup_tests();
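Review bot: test_ssl_set_verify, registered by the second added line, passes the result of `SSL_accept_connection(qlistener, 0)` to create_bare_ssl_connection() unchecked, while the sibling test_ssl_accept_connection guards the same call with `TEST_ptr(serverssl)`. Adding `if (!TEST_ptr(serverssl)) goto err;` right after the accept would report a failed accept at its source rather than inside the helper, whose NULL handling is not visible here. The function body sits in the preceding hunk, which begins outside this view. Separately, quic_verify_cb returns only the pointer comparison and never consults `ok`, so a chain verification failure would be accepted; if that is deliberate for the test certificates, a comment such as `/* ok is ignored on purpose: this test only checks the SSL ex_data lookup */` would say so.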
    diff -Nru -w openssl-3.5.0/test/quic_multistream_test.c openssl-3.5.1/test/quic_multistream_test.c
    --- openssl-3.5.0/test/quic_multistream_test.c 2025-04-08 15:09:06.000000000 +0200
    +++ openssl-3.5.1/test/quic_multistream_test.c 2025-07-01 13:52:08.000000000 +0200
    @@ -25,6 +25,16 @@

    static const char *certfile, *keyfile;

    +#if defined(_AIX)
    +/*
    + * Some versions of AIX define macros for events and revents for use when
    + * accessing pollfd structures (see Github issue #24236). That interferes
    + * with our use of these names here. We simply undef them.
    + */
    +# undef revents
    +# undef events
    +#endif
    +
    #if defined(OPENSSL_THREADS)
    struct child_thread_args {
    struct helper *h;
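Review bot: The new comment explains why `events` and `revents` are undefined on AIX, but not that the block depends on its position in the file. It only helps while it stays below every include that can bring in the AIX pollfd macros; the include list is outside this hunk, so this is inferred from the context line `static const char *certfile, *keyfile;` above it. Extending the comment with `Keep this block after all #include lines; a system header included later may define these names again.` would protect the placement against future edits.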
    diff -Nru -w openssl-3.5.0/test/radix/quic_ops.c openssl-3.5.1/test/radix/quic_ops.c
    --- openssl-3.5.0/test/radix/quic_ops.c 2025-04-08 15:09:06.000000000 +0200
    +++ openssl-3.5.1/test/radix/quic_ops.c 2025-07-01 13:52:08.000000000 +0200
    @@ -7,6 +7,7 @@
    * https://www.openssl.org/source/license.html
    */
    #include "internal/sockets.h"
    +#include <openssl/rand.h>

    static const unsigned char alpn_ossltest[