Add a per-SSL TLS 1.3 downgrade enforcement option and improve tests.

Due to non-compliant middleboxes, it is possible we'll need to do some
surgery to this mechanism. Making it per-SSL is a little more flexible
and also eases some tests in Chromium until we get its SSL_CTX usage
fixed up.

Also fix up BoringSSL tests. We forgot to test it at TLS 1.0 and use the
-expect-tls13-downgrade flag.

Bug: 226
Change-Id: Ib39227e74e2d6f5e1fbc1ebcc091e751471b3cdc
Reviewed-on: https://boringssl-review.googlesource.com/c/32424
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index ae96bcf..e46b39f 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -600,7 +600,7 @@
             .subspan(SSL3_RANDOM_SIZE - sizeof(kTLS13DowngradeRandom));
     if (suffix == kTLS12DowngradeRandom || suffix == kTLS13DowngradeRandom) {
       ssl->s3->tls13_downgrade = true;
-      if (!ssl->ctx->ignore_tls13_downgrade) {
+      if (!hs->config->ignore_tls13_downgrade) {
         OPENSSL_PUT_ERROR(SSL, SSL_R_TLS13_DOWNGRADE);
         ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
         return ssl_hs_error;
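Review bot: The changed condition, `if (!hs->config->ignore_tls13_downgrade)`, now reads the flag from the per-connection config, but nothing in this hunk shows where that field gets its initial value. Please confirm that it is seeded from the existing `ssl->ctx->ignore_tls13_downgrade` when the SSL object is created. Otherwise callers that set the opt-out only at the SSL_CTX level would start hitting SSL_R_TLS13_DOWNGRADE after this change. The default should also stay false so that the fatal illegal_parameter alert remains the behaviour when nothing is configured. Documenting the precedence between the SSL_CTX-level and per-SSL settings next to the new setter would help. A test that sets the flag on a single SSL and checks that `ssl->s3->tls13_downgrade` is still recorded while the handshake continues would cover the path this line now controls.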