Google Git
Sign in
boringssl / boringssl.git / e34bcc91c07c0bf65ecc53a814d51f5246007150^! / . / ssl / ssl_test.cc
commite34bcc91c07c0bf65ecc53a814d51f5246007150[log] [tgz]
authorDavid Benjamin <davidben@google.com>Wed Sep 21 16:53:09 2016 -0400
committerCQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>Wed Sep 21 21:41:49 2016 +0000
tree267d2b289a5d347ab906a417b9175cec7fd6f1c5
parentc8b6b4fe4afbcd31b61007b1288de380c7f51b4c [diff] [blame]
Support default versions with set_{min,max}_proto_version.

Upstream makes 0 mean "min/max supported version". Match that behavior,
although call it "default" instead. It shouldn't get you TLS 1.3 until
we're ready to turn it on everywhere.

BUG=90

Change-Id: I9f122fceb701b7d4de2ff70afbc1ffdf370cb97e
Reviewed-on: https://boringssl-review.googlesource.com/11181
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index a90e993..48dbbac 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc

@@ -2106,6 +2106,19 @@
     return false;
   }
 
+  if (!SSL_CTX_set_max_proto_version(ctx.get(), 0) ||
+      !SSL_CTX_set_min_proto_version(ctx.get(), 0)) {
+    fprintf(stderr, "Could not set default TLS version.\n");
+    return false;
+  }
+
+  if (ctx->min_version != SSL3_VERSION ||
+      ctx->max_version != TLS1_2_VERSION) {
+    fprintf(stderr, "Default TLS versions were incorrect (%04x and %04x).\n",
+            ctx->min_version, ctx->max_version);
+    return false;
+  }
+
   ctx.reset(SSL_CTX_new(DTLS_method()));
   if (!ctx) {
     return false;
@@ -2131,6 +2144,19 @@
     return false;
   }
 
+  if (!SSL_CTX_set_max_proto_version(ctx.get(), 0) ||
+      !SSL_CTX_set_min_proto_version(ctx.get(), 0)) {
+    fprintf(stderr, "Could not set default DTLS version.\n");
+    return false;
+  }
+
+  if (ctx->min_version != TLS1_1_VERSION ||
+      ctx->max_version != TLS1_2_VERSION) {
+    fprintf(stderr, "Default DTLS versions were incorrect (%04x and %04x).\n",
+            ctx->min_version, ctx->max_version);
+    return false;
+  }
+
   return true;
 }