commit 10e664b91f1325b2caea8f7cf6230d343337be83
author David Benjamin <davidben@google.com> Mon Jun 20 22:20:47 2016 -0400
committer David Benjamin <davidben@google.com> Mon Jun 27 17:05:36 2016 +0000
tree 7a9ce21d25af10c95e58f18be886b305cb004e7d
parent 9acf0ca2698ca01c8545e1b69cabea67a99ed23d

Always set min_version / max_version.

Saves us some mess if they're never zero. This also fixes a bug in
ssl3_get_max_client_version where it didn't account for all versions being
disabled properly.

Change-Id: I4c95ff57cf8953cb4a528263b252379f252f3e01
Reviewed-on: https://boringssl-review.googlesource.com/8512
Reviewed-by: David Benjamin <davidben@google.com>

ssl/ssl_test.cc

diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 3e9cd1e..b6d4fd6 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -689,16 +689,13 @@
   return true;
 }
 
-static bool TestDefaultVersion(uint16_t version,
+static bool TestDefaultVersion(uint16_t min_version, uint16_t max_version,
                                const SSL_METHOD *(*method)(void)) {
   ScopedSSL_CTX ctx(SSL_CTX_new(method()));
   if (!ctx) {
     return false;
   }
-  // TODO(svaldez): Remove TLS1_2_VERSION fallback upon implementing TLS 1.3.
-  return ctx->min_version == version &&
-         (ctx->max_version == version ||
-          (version == 0 && ctx->max_version == TLS1_2_VERSION));
+  return ctx->min_version == min_version && ctx->max_version == max_version;
 }
 
 static bool CipherGetRFCName(std::string *out, uint16_t value) {
@@ -1361,14 +1358,15 @@
       !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
       !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
       !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
-      !TestDefaultVersion(0, &TLS_method) ||
-      !TestDefaultVersion(SSL3_VERSION, &SSLv3_method) ||
-      !TestDefaultVersion(TLS1_VERSION, &TLSv1_method) ||
-      !TestDefaultVersion(TLS1_1_VERSION, &TLSv1_1_method) ||
-      !TestDefaultVersion(TLS1_2_VERSION, &TLSv1_2_method) ||
-      !TestDefaultVersion(0, &DTLS_method) ||
-      !TestDefaultVersion(DTLS1_VERSION, &DTLSv1_method) ||
-      !TestDefaultVersion(DTLS1_2_VERSION, &DTLSv1_2_method) ||
+      // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
+      !TestDefaultVersion(SSL3_VERSION, TLS1_2_VERSION, &TLS_method) ||
+      !TestDefaultVersion(SSL3_VERSION, SSL3_VERSION, &SSLv3_method) ||
+      !TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) ||
+      !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) ||
+      !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method) ||
+      !TestDefaultVersion(DTLS1_VERSION, DTLS1_2_VERSION, &DTLS_method) ||
+      !TestDefaultVersion(DTLS1_VERSION, DTLS1_VERSION, &DTLSv1_method) ||
+      !TestDefaultVersion(DTLS1_2_VERSION, DTLS1_2_VERSION, &DTLSv1_2_method) ||
       !TestCipherGetRFCName() ||
       !TestPaddingExtension() ||
       !TestClientCAList() ||