Add test for how SSL_version interacts with SSL_clear and the initial state
This works, but the reason it works is somewhat suprising. We rely on
SSL3_STATE and DTLS1_STATE, on creation, going back and mutating
ssl->version.
Change-Id: I3e4e12d8b0351e03f09303dedeb1fe082aba711d
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/71529
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Nick Harper <nharper@chromium.org>
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 4f4f978..37766b2 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -4151,8 +4151,15 @@
}
TEST_P(SSLVersionTest, Version) {
- ASSERT_TRUE(Connect());
+ ASSERT_TRUE(CreateClientAndServer(&client_, &server_, client_ctx_.get(),
+ server_ctx_.get()));
+ // Before the handshake, |SSL_version| reports some placeholder value.
+ const uint16_t placeholder = is_dtls() ? DTLS1_2_VERSION : TLS1_2_VERSION;
+ EXPECT_EQ(SSL_version(client_.get()), placeholder);
+ EXPECT_EQ(SSL_version(server_.get()), placeholder);
+ // After the handshake, |SSL_version| reports the version.
+ ASSERT_TRUE(CompleteHandshakes(client_.get(), server_.get()));
EXPECT_EQ(SSL_version(client_.get()), version());
EXPECT_EQ(SSL_version(server_.get()), version());
@@ -4168,6 +4175,12 @@
SSL_SESSION_get_version(SSL_get_session(server_.get()));
EXPECT_EQ(strcmp(version_name, client_name), 0);
EXPECT_EQ(strcmp(version_name, server_name), 0);
+
+ // |SSL_clear| should reset the |SSL|s to the original state.
+ ASSERT_TRUE(SSL_clear(client_.get()));
+ ASSERT_TRUE(SSL_clear(server_.get()));
+ EXPECT_EQ(SSL_version(client_.get()), placeholder);
+ EXPECT_EQ(SSL_version(server_.get()), placeholder);
}
// Tests that that |SSL_get_pending_cipher| is available during the ALPN
