Rename {ssl,ctx}->{min,max}_version.
These are not the true version filters due to SSL_OP_NO_* filters.
Change-Id: I4c2db967d885f7c1875a3e052c5b02ea8d612fe1
Reviewed-on: https://boringssl-review.googlesource.com/17266
Reviewed-by: Steven Valdez <svaldez@google.com>
diff --git a/ssl/internal.h b/ssl/internal.h
index 8d1859b..88caccb 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1840,13 +1840,15 @@
/* version is the protocol version. */
int version;
- /* max_version is the maximum acceptable protocol version. Note this version
- * is normalized in DTLS. */
- uint16_t max_version;
+ /* conf_max_version is the maximum acceptable protocol version configured by
+ * |SSL_set_max_proto_version|. Note this version is normalized in DTLS and is
+ * further constrainted by |SSL_OP_NO_*|. */
+ uint16_t conf_max_version;
- /* min_version is the minimum acceptable protocol version. Note this version
- * is normalized in DTLS. */
- uint16_t min_version;
+ /* conf_min_version is the minimum acceptable protocol version configured by
+ * |SSL_set_min_proto_version|. Note this version is normalized in DTLS and is
+ * further constrainted by |SSL_OP_NO_*|. */
+ uint16_t conf_min_version;
uint16_t max_send_fragment;
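Review bot: The new comments on `conf_max_version` and `conf_min_version` misspell "constrained" as "constrainted" in both places. They also name only `SSL_set_max_proto_version` / `SSL_set_min_proto_version`, although the ssl_lib.c hunk shows the value is first inherited from the context (`ssl->conf_min_version = ctx->conf_min_version;`), so the `SSL_CTX_set_*_proto_version` setters are worth mentioning too. Since the point of the rename is that these fields are not the effective bounds, the comment could say so directly, e.g. `further constrained by |SSL_OP_NO_*|; this is not the effective bound, so do not check a negotiated version against it directly.` The enclosing struct starts and ends outside the hunk, so I am assuming from the `SSL_set_*` reference that it is the per-connection one.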
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 6273e00..d50b690 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -371,8 +371,8 @@
}
OPENSSL_memset(ssl, 0, sizeof(SSL));
- ssl->min_version = ctx->min_version;
- ssl->max_version = ctx->max_version;
+ ssl->conf_min_version = ctx->conf_min_version;
+ ssl->conf_max_version = ctx->conf_max_version;
/* RFC 6347 states that implementations SHOULD use an initial timer value of
* 1 second. */
@@ -1017,19 +1017,19 @@
}
int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version) {
- return set_min_version(ctx->method, &ctx->min_version, version);
+ return set_min_version(ctx->method, &ctx->conf_min_version, version);
}
int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version) {
- return set_max_version(ctx->method, &ctx->max_version, version);
+ return set_max_version(ctx->method, &ctx->conf_max_version, version);
}
int SSL_set_min_proto_version(SSL *ssl, uint16_t version) {
- return set_min_version(ssl->method, &ssl->min_version, version);
+ return set_min_version(ssl->method, &ssl->conf_min_version, version);
}
int SSL_set_max_proto_version(SSL *ssl, uint16_t version) {
- return set_max_version(ssl->method, &ssl->max_version, version);
+ return set_max_version(ssl->method, &ssl->conf_max_version, version);
}
uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options) {
@@ -2374,8 +2374,8 @@
}
}
- uint16_t min_version = ssl->min_version;
- uint16_t max_version = ssl->max_version;
+ uint16_t min_version = ssl->conf_min_version;
+ uint16_t max_version = ssl->conf_max_version;
/* Bound the range to only those implemented in this protocol. */
if (min_version < ssl->method->min_version) {
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index b53c93a..72b624a 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -715,8 +715,8 @@
const SSL_METHOD *(*method)(void)) {
bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
ASSERT_TRUE(ctx);
- EXPECT_EQ(min_version, ctx->min_version);
- EXPECT_EQ(max_version, ctx->max_version);
+ EXPECT_EQ(min_version, ctx->conf_min_version);
+ EXPECT_EQ(max_version, ctx->conf_max_version);
}
TEST(SSLTest, DefaultVersion) {
@@ -2544,15 +2544,15 @@
// Zero is the default version.
EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
- EXPECT_EQ(TLS1_2_VERSION, ctx->max_version);
+ EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
- EXPECT_EQ(TLS1_VERSION, ctx->min_version);
+ EXPECT_EQ(TLS1_VERSION, ctx->conf_min_version);
// SSL 3.0 and TLS 1.3 are available, but not by default.
EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION));
- EXPECT_EQ(SSL3_VERSION, ctx->min_version);
+ EXPECT_EQ(SSL3_VERSION, ctx->conf_min_version);
EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_VERSION));
- EXPECT_EQ(TLS1_3_VERSION, ctx->max_version);
+ EXPECT_EQ(TLS1_3_VERSION, ctx->conf_max_version);
ctx.reset(SSL_CTX_new(DTLS_method()));
ASSERT_TRUE(ctx);
@@ -2572,9 +2572,9 @@
EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
- EXPECT_EQ(TLS1_2_VERSION, ctx->max_version);
+ EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
- EXPECT_EQ(TLS1_1_VERSION, ctx->min_version);
+ EXPECT_EQ(TLS1_1_VERSION, ctx->conf_min_version);
}
static const char *GetVersionName(uint16_t version) {