Fix SSL_set_{min,max}_proto_version APIs in invalid versions. SSL_set_max_proto_version(TLS1_3_DRAFT_VERSION) worked unintentionally. Fix that. Also add an error when it fails. Change-Id: I1048fede7b163e1c170e17bf4370b468221a7077 Reviewed-on: https://boringssl-review.googlesource.com/17525 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

commit: 353577cdc798444e1add6215c8e12c10234088ac [log] [tgz]
author: David Benjamin <davidben@google.com> Thu Jun 29 15:54:58 2017 -0400
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Wed Jul 05 19:43:26 2017 +0000
tree: 702750da4d2cefce90687dc840d4ea533b199cc2
parent: 8f36c51f987b45b5f831134f85158fb951f8d8ee [diff] [blame]
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 84b7496..7737e75 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc

@@ -2567,6 +2567,10 @@
   EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_VERSION));
   EXPECT_EQ(TLS1_3_VERSION, ctx->conf_max_version);
 
+  // TLS1_3_DRAFT_VERSION is not an API-level version.
+  EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_DRAFT_VERSION));
+  ERR_clear_error();
+
   ctx.reset(SSL_CTX_new(DTLS_method()));
   ASSERT_TRUE(ctx);
commit	353577cdc798444e1add6215c8e12c10234088ac	[log] [tgz]
author	David Benjamin <davidben@google.com>	Thu Jun 29 15:54:58 2017 -0400
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Wed Jul 05 19:43:26 2017 +0000
tree	702750da4d2cefce90687dc840d4ea533b199cc2
parent	8f36c51f987b45b5f831134f85158fb951f8d8ee [diff] [blame]