Moving TLS 1.3 version negotiation into extension.
Change-Id: I73f9fd64b46f26978b897409d817b34ec9d93afd
Reviewed-on: https://boringssl-review.googlesource.com/11080
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 51c16f0..63f72ca 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -951,6 +951,10 @@
return 1;
}
+ if (version == TLS1_3_VERSION) {
+ version = TLS1_3_DRAFT_VERSION;
+ }
+
return method->version_from_wire(out, version);
}
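Review bot: The translation from `TLS1_3_VERSION` to `TLS1_3_DRAFT_VERSION` ahead of `method->version_from_wire(out, version)` has no comment, while the reverse mapping in `SSL_version` and `ssl_get_version` does. I would add `/* The public API uses TLS1_3_VERSION; internally TLS 1.3 is tracked by its draft wire version. */` above the `if`. The same three lines are repeated in the next hunk (`@@ -965,6 +969,10 @@`), so a small static helper shared by both functions would keep the two configured version limits from drifting apart when the draft number changes. Both enclosing functions start outside their hunks, so it is not visible whether a caller passing the raw draft value is accepted or rejected here; the comment should state which is intended.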
@@ -965,6 +969,10 @@
return 1;
}
+ if (version == TLS1_3_VERSION) {
+ version = TLS1_3_DRAFT_VERSION;
+ }
+
return method->version_from_wire(out, version);
}
@@ -2109,7 +2117,8 @@
static const char *ssl_get_version(int version) {
switch (version) {
- case TLS1_3_VERSION:
+ /* Report TLS 1.3 draft version as TLS 1.3 in the public API. */
+ case TLS1_3_DRAFT_VERSION:
return "TLSv1.3";
case TLS1_2_VERSION:
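Review bot: Because `case TLS1_3_VERSION:` is replaced rather than kept, `ssl_get_version` presumably falls through to its default branch (outside this hunk) for a value that has already been through `SSL_version()`, which now returns `TLS1_3_VERSION`. That is fine if every caller passes the internal `ssl->version` or a stored wire version, but the callers are not visible here. Keeping both labels, `case TLS1_3_VERSION:` directly above `case TLS1_3_DRAFT_VERSION:`, would make the function return "TLSv1.3" for either form. The switch continues past the end of the hunk.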
@@ -2271,7 +2280,14 @@
return ret;
}
-int SSL_version(const SSL *ssl) { return ssl->version; }
+int SSL_version(const SSL *ssl) {
+ /* Report TLS 1.3 draft version as TLS 1.3 in the public API. */
+ if (ssl->version == TLS1_3_DRAFT_VERSION) {
+ return TLS1_3_VERSION;
+ }
+
+ return ssl->version;
+}
SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) { return ssl->ctx; }
@@ -2962,7 +2978,7 @@
version = 0;
break;
default:
- version = ssl->version;
+ version = SSL_version(ssl);
}
ssl->msg_callback(is_write, version, content_type, buf, len, ssl,