When OpenSSL started supporting TLS 1.3, we noticed that QSslSocket would emit the PSK signal for every connection. To work around that we merged this patch:
This fixed the issue, surpressing the 0-RTT PSK callback from OpenSSL. And in our testing, there were no problem since the test servers we tested with didn't yet use or support TLS 1.3, so the handshake fell back to TLS 1.2 and queried for PSK again, but this time we do emit the signal.
Because the server was falling back to TLS 1.2 it wasn't noticed that if the client and server both use TLS 1.3 there is no room for the user to transmit the PSK (this would still be 0-RTT and would not have the identity hint set)!
We should investigate some ways to mitigate this (TLS 1.3 specific signal could be one option) or, at the very least, document the behavior.