commit c2827d3b557f5960b457e51f58eae1ec4a08602b
author Adam Langley <alangley@gmail.com> Tue Oct 12 13:18:18 2021 -0700
committer Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Mon Oct 25 19:53:48 2021 +0000
tree 41682d9d2158d4e8ec3ed655e212ded2a6eba2aa
parent 7cac8faff275f2c47f5c8c6b226eb2f964b13a25

Add a function to express the desired record version protocol.

This function is currently a no-op, but could be made to do something in
the future to ease the transition of deployments that extract keys from
the handshake and drive the record protocol themselves.

Change-Id: Ib1399e42442dad78173a6462980945559a88a2c7
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49886
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>

include/openssl/ssl.h

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index f731f8f..057fbc0 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -3887,6 +3887,10 @@
 // two most significant bytes.
 OPENSSL_EXPORT uint64_t SSL_get_write_sequence(const SSL *ssl);
 
+// SSL_CTX_set_record_protocol_version returns whether |version| is zero.
+OPENSSL_EXPORT int SSL_CTX_set_record_protocol_version(SSL_CTX *ctx,
+                                                       int version);
+
 
 // Handshake hints.
 //

ssl/ssl_versions.cc

diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index df499c7..964f7c9 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -396,3 +396,7 @@
   // used on unit test sessions anyway.
   return api_version_to_wire(&session->ssl_version, version);
 }
+
+int SSL_CTX_set_record_protocol_version(SSL_CTX *ctx, int version) {
+  return version == 0;
+}