diff options
| author | jsing <> | 2017-01-25 11:11:21 +0000 |
|---|---|---|
| committer | jsing <> | 2017-01-25 11:11:21 +0000 |
| commit | 94311409ea53a1943ed795d9ee12bb543b0287f4 (patch) | |
| tree | ed4151853b5f9b0fc04d3e3738813b12ca89e588 /src | |
| parent | 82b04dfad277d1c342754d144a0e705780351236 (diff) | |
| download | openbsd-94311409ea53a1943ed795d9ee12bb543b0287f4.tar.gz openbsd-94311409ea53a1943ed795d9ee12bb543b0287f4.tar.bz2 openbsd-94311409ea53a1943ed795d9ee12bb543b0287f4.zip | |
Update ssl versions regress to handle min/max configured versions and
the cover the ssl_supported_version_range() function.
Diffstat (limited to '')
| -rw-r--r-- | src/regress/lib/libssl/unit/ssl_versions.c | 248 |
1 files changed, 201 insertions, 47 deletions
diff --git a/src/regress/lib/libssl/unit/ssl_versions.c b/src/regress/lib/libssl/unit/ssl_versions.c index d4be40cbd8..eace13e438 100644 --- a/src/regress/lib/libssl/unit/ssl_versions.c +++ b/src/regress/lib/libssl/unit/ssl_versions.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_versions.c,v 1.2 2017/01/03 16:58:10 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_versions.c,v 1.3 2017/01/25 11:11:21 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -17,13 +17,14 @@ | |||
| 17 | 17 | ||
| 18 | #include <openssl/ssl.h> | 18 | #include <openssl/ssl.h> |
| 19 | 19 | ||
| 20 | int ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver); | 20 | #include "ssl_locl.h" |
| 21 | int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver); | ||
| 22 | 21 | ||
| 23 | struct version_range_test { | 22 | struct version_range_test { |
| 24 | const long options; | 23 | const long options; |
| 25 | const uint16_t minver; | 24 | const uint16_t minver; |
| 26 | const uint16_t maxver; | 25 | const uint16_t maxver; |
| 26 | const uint16_t want_minver; | ||
| 27 | const uint16_t want_maxver; | ||
| 27 | }; | 28 | }; |
| 28 | 29 | ||
| 29 | static struct version_range_test version_range_tests[] = { | 30 | static struct version_range_test version_range_tests[] = { |
| @@ -31,41 +32,92 @@ static struct version_range_test version_range_tests[] = { | |||
| 31 | .options = 0, | 32 | .options = 0, |
| 32 | .minver = TLS1_VERSION, | 33 | .minver = TLS1_VERSION, |
| 33 | .maxver = TLS1_2_VERSION, | 34 | .maxver = TLS1_2_VERSION, |
| 35 | .want_minver = TLS1_VERSION, | ||
| 36 | .want_maxver = TLS1_2_VERSION, | ||
| 34 | }, | 37 | }, |
| 35 | { | 38 | { |
| 36 | .options = SSL_OP_NO_TLSv1, | 39 | .options = SSL_OP_NO_TLSv1, |
| 37 | .minver = TLS1_1_VERSION, | 40 | .minver = TLS1_VERSION, |
| 38 | .maxver = TLS1_2_VERSION, | 41 | .maxver = TLS1_2_VERSION, |
| 42 | .want_minver = TLS1_1_VERSION, | ||
| 43 | .want_maxver = TLS1_2_VERSION, | ||
| 39 | }, | 44 | }, |
| 40 | { | 45 | { |
| 41 | .options = SSL_OP_NO_TLSv1_2, | 46 | .options = SSL_OP_NO_TLSv1_2, |
| 42 | .minver = TLS1_VERSION, | 47 | .minver = TLS1_VERSION, |
| 43 | .maxver = TLS1_1_VERSION, | 48 | .maxver = TLS1_2_VERSION, |
| 49 | .want_minver = TLS1_VERSION, | ||
| 50 | .want_maxver = TLS1_1_VERSION, | ||
| 44 | }, | 51 | }, |
| 45 | { | 52 | { |
| 46 | .options = SSL_OP_NO_TLSv1_1, | 53 | .options = SSL_OP_NO_TLSv1_1, |
| 47 | .minver = TLS1_VERSION, | 54 | .minver = TLS1_VERSION, |
| 48 | .maxver = TLS1_VERSION, | 55 | .maxver = TLS1_2_VERSION, |
| 56 | .want_minver = TLS1_VERSION, | ||
| 57 | .want_maxver = TLS1_VERSION, | ||
| 49 | }, | 58 | }, |
| 50 | { | 59 | { |
| 51 | .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1, | 60 | .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1, |
| 52 | .minver = TLS1_2_VERSION, | 61 | .minver = TLS1_VERSION, |
| 53 | .maxver = TLS1_2_VERSION, | 62 | .maxver = TLS1_2_VERSION, |
| 63 | .want_minver = TLS1_2_VERSION, | ||
| 64 | .want_maxver = TLS1_2_VERSION, | ||
| 54 | }, | 65 | }, |
| 55 | { | 66 | { |
| 56 | .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2, | 67 | .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2, |
| 57 | .minver = TLS1_VERSION, | 68 | .minver = TLS1_VERSION, |
| 58 | .maxver = TLS1_VERSION, | 69 | .maxver = TLS1_2_VERSION, |
| 70 | .want_minver = TLS1_VERSION, | ||
| 71 | .want_maxver = TLS1_VERSION, | ||
| 59 | }, | 72 | }, |
| 60 | { | 73 | { |
| 61 | .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2, | 74 | .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2, |
| 75 | .minver = TLS1_VERSION, | ||
| 76 | .maxver = TLS1_2_VERSION, | ||
| 77 | .want_minver = TLS1_1_VERSION, | ||
| 78 | .want_maxver = TLS1_1_VERSION, | ||
| 79 | }, | ||
| 80 | { | ||
| 81 | .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2, | ||
| 82 | .minver = TLS1_VERSION, | ||
| 83 | .maxver = TLS1_2_VERSION, | ||
| 84 | .want_minver = 0, | ||
| 85 | .want_maxver = 0, | ||
| 86 | }, | ||
| 87 | { | ||
| 88 | .options = 0, | ||
| 89 | .minver = TLS1_VERSION, | ||
| 90 | .maxver = TLS1_2_VERSION, | ||
| 91 | .want_minver = TLS1_VERSION, | ||
| 92 | .want_maxver = TLS1_2_VERSION, | ||
| 93 | }, | ||
| 94 | { | ||
| 95 | .options = 0, | ||
| 62 | .minver = TLS1_1_VERSION, | 96 | .minver = TLS1_1_VERSION, |
| 97 | .maxver = TLS1_2_VERSION, | ||
| 98 | .want_minver = TLS1_1_VERSION, | ||
| 99 | .want_maxver = TLS1_2_VERSION, | ||
| 100 | }, | ||
| 101 | { | ||
| 102 | .options = 0, | ||
| 103 | .minver = TLS1_2_VERSION, | ||
| 104 | .maxver = TLS1_2_VERSION, | ||
| 105 | .want_minver = TLS1_2_VERSION, | ||
| 106 | .want_maxver = TLS1_2_VERSION, | ||
| 107 | }, | ||
| 108 | { | ||
| 109 | .options = 0, | ||
| 110 | .minver = TLS1_VERSION, | ||
| 63 | .maxver = TLS1_1_VERSION, | 111 | .maxver = TLS1_1_VERSION, |
| 112 | .want_minver = TLS1_VERSION, | ||
| 113 | .want_maxver = TLS1_1_VERSION, | ||
| 64 | }, | 114 | }, |
| 65 | { | 115 | { |
| 66 | .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2, | 116 | .options = 0, |
| 67 | .minver = 0, | 117 | .minver = TLS1_VERSION, |
| 68 | .maxver = 0, | 118 | .maxver = TLS1_VERSION, |
| 119 | .want_minver = TLS1_VERSION, | ||
| 120 | .want_maxver = TLS1_VERSION, | ||
| 69 | }, | 121 | }, |
| 70 | }; | 122 | }; |
| 71 | 123 | ||
| @@ -101,23 +153,25 @@ test_ssl_enabled_version_range(void) | |||
| 101 | SSL_set_options(ssl, vrt->options); | 153 | SSL_set_options(ssl, vrt->options); |
| 102 | 154 | ||
| 103 | minver = maxver = 0xffff; | 155 | minver = maxver = 0xffff; |
| 156 | ssl->internal->min_version = vrt->minver; | ||
| 157 | ssl->internal->max_version = vrt->maxver; | ||
| 104 | 158 | ||
| 105 | if (ssl_enabled_version_range(ssl, &minver, &maxver) != 1) { | 159 | if (ssl_enabled_version_range(ssl, &minver, &maxver) != 1) { |
| 106 | if (vrt->minver != 0 || vrt->maxver != 0) { | 160 | if (vrt->want_minver != 0 || vrt->want_maxver != 0) { |
| 107 | fprintf(stderr, "FAIL: test %zu - failed but " | 161 | fprintf(stderr, "FAIL: test %zu - failed but " |
| 108 | "wanted non-zero versions\n", i); | 162 | "wanted non-zero versions\n", i); |
| 109 | failed++; | 163 | failed++; |
| 110 | } | 164 | } |
| 111 | continue; | 165 | continue; |
| 112 | } | 166 | } |
| 113 | if (minver != vrt->minver) { | 167 | if (minver != vrt->want_minver) { |
| 114 | fprintf(stderr, "FAIL: test %zu - got minver %x, " | 168 | fprintf(stderr, "FAIL: test %zu - got minver %x, " |
| 115 | "want %x\n", i, minver, vrt->minver); | 169 | "want %x\n", i, minver, vrt->want_minver); |
| 116 | failed++; | 170 | failed++; |
| 117 | } | 171 | } |
| 118 | if (maxver != vrt->maxver) { | 172 | if (maxver != vrt->want_maxver) { |
| 119 | fprintf(stderr, "FAIL: test %zu - got maxver %x, " | 173 | fprintf(stderr, "FAIL: test %zu - got maxver %x, " |
| 120 | "want %x\n", i, maxver, vrt->maxver); | 174 | "want %x\n", i, maxver, vrt->want_maxver); |
| 121 | failed++; | 175 | failed++; |
| 122 | } | 176 | } |
| 123 | } | 177 | } |
| @@ -130,76 +184,174 @@ test_ssl_enabled_version_range(void) | |||
| 130 | } | 184 | } |
| 131 | 185 | ||
| 132 | struct shared_version_test { | 186 | struct shared_version_test { |
| 187 | const SSL_METHOD *(*ssl_method)(void); | ||
| 133 | const long options; | 188 | const long options; |
| 134 | const uint16_t peerver; | 189 | const uint16_t minver; |
| 135 | const uint16_t maxver; | 190 | const uint16_t maxver; |
| 191 | const uint16_t peerver; | ||
| 192 | const uint16_t want_maxver; | ||
| 136 | }; | 193 | }; |
| 137 | 194 | ||
| 138 | static struct shared_version_test shared_version_tests[] = { | 195 | static struct shared_version_test shared_version_tests[] = { |
| 139 | { | 196 | { |
| 197 | .ssl_method = TLS_method, | ||
| 140 | .options = 0, | 198 | .options = 0, |
| 199 | .minver = TLS1_VERSION, | ||
| 200 | .maxver = TLS1_2_VERSION, | ||
| 141 | .peerver = SSL2_VERSION, | 201 | .peerver = SSL2_VERSION, |
| 142 | .maxver = 0, | 202 | .want_maxver = 0, |
| 143 | }, | 203 | }, |
| 144 | { | 204 | { |
| 205 | .ssl_method = TLS_method, | ||
| 145 | .options = 0, | 206 | .options = 0, |
| 207 | .minver = TLS1_VERSION, | ||
| 208 | .maxver = TLS1_2_VERSION, | ||
| 146 | .peerver = SSL3_VERSION, | 209 | .peerver = SSL3_VERSION, |
| 147 | .maxver = 0, | 210 | .want_maxver = 0, |
| 148 | }, | 211 | }, |
| 149 | { | 212 | { |
| 213 | .ssl_method = TLS_method, | ||
| 150 | .options = 0, | 214 | .options = 0, |
| 215 | .minver = TLS1_VERSION, | ||
| 216 | .maxver = TLS1_2_VERSION, | ||
| 151 | .peerver = TLS1_VERSION, | 217 | .peerver = TLS1_VERSION, |
| 152 | .maxver = TLS1_VERSION, | 218 | .want_maxver = TLS1_VERSION, |
| 153 | }, | 219 | }, |
| 154 | { | 220 | { |
| 221 | .ssl_method = TLS_method, | ||
| 155 | .options = 0, | 222 | .options = 0, |
| 223 | .minver = TLS1_VERSION, | ||
| 224 | .maxver = TLS1_2_VERSION, | ||
| 156 | .peerver = TLS1_1_VERSION, | 225 | .peerver = TLS1_1_VERSION, |
| 157 | .maxver = TLS1_1_VERSION, | 226 | .want_maxver = TLS1_1_VERSION, |
| 158 | }, | 227 | }, |
| 159 | { | 228 | { |
| 229 | .ssl_method = TLS_method, | ||
| 160 | .options = 0, | 230 | .options = 0, |
| 161 | .peerver = TLS1_2_VERSION, | 231 | .minver = TLS1_VERSION, |
| 162 | .maxver = TLS1_2_VERSION, | 232 | .maxver = TLS1_2_VERSION, |
| 233 | .peerver = TLS1_2_VERSION, | ||
| 234 | .want_maxver = TLS1_2_VERSION, | ||
| 163 | }, | 235 | }, |
| 164 | { | 236 | { |
| 237 | .ssl_method = TLS_method, | ||
| 165 | .options = 0, | 238 | .options = 0, |
| 166 | .peerver = 0x7f12, | 239 | .minver = TLS1_VERSION, |
| 167 | .maxver = TLS1_2_VERSION, | 240 | .maxver = TLS1_2_VERSION, |
| 241 | .peerver = 0x7f12, | ||
| 242 | .want_maxver = TLS1_2_VERSION, | ||
| 168 | }, | 243 | }, |
| 169 | { | 244 | { |
| 245 | .ssl_method = TLS_method, | ||
| 170 | .options = SSL_OP_NO_TLSv1_2, | 246 | .options = SSL_OP_NO_TLSv1_2, |
| 247 | .minver = TLS1_VERSION, | ||
| 248 | .maxver = TLS1_2_VERSION, | ||
| 171 | .peerver = TLS1_2_VERSION, | 249 | .peerver = TLS1_2_VERSION, |
| 172 | .maxver = TLS1_1_VERSION, | 250 | .want_maxver = TLS1_1_VERSION, |
| 173 | }, | 251 | }, |
| 174 | { | 252 | { |
| 253 | .ssl_method = TLS_method, | ||
| 175 | .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2, | 254 | .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2, |
| 255 | .minver = TLS1_VERSION, | ||
| 256 | .maxver = TLS1_2_VERSION, | ||
| 176 | .peerver = TLS1_2_VERSION, | 257 | .peerver = TLS1_2_VERSION, |
| 177 | .maxver = TLS1_VERSION, | 258 | .want_maxver = TLS1_VERSION, |
| 178 | }, | 259 | }, |
| 179 | { | 260 | { |
| 261 | .ssl_method = TLS_method, | ||
| 180 | .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2, | 262 | .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2, |
| 263 | .minver = TLS1_VERSION, | ||
| 264 | .maxver = TLS1_2_VERSION, | ||
| 181 | .peerver = TLS1_2_VERSION, | 265 | .peerver = TLS1_2_VERSION, |
| 182 | .maxver = 0, | 266 | .want_maxver = 0, |
| 183 | }, | 267 | }, |
| 184 | { | 268 | { |
| 269 | .ssl_method = TLS_method, | ||
| 185 | .options = SSL_OP_NO_TLSv1, | 270 | .options = SSL_OP_NO_TLSv1, |
| 271 | .minver = TLS1_VERSION, | ||
| 272 | .maxver = TLS1_2_VERSION, | ||
| 186 | .peerver = TLS1_1_VERSION, | 273 | .peerver = TLS1_1_VERSION, |
| 187 | .maxver = TLS1_1_VERSION, | 274 | .want_maxver = TLS1_1_VERSION, |
| 188 | }, | 275 | }, |
| 189 | { | 276 | { |
| 277 | .ssl_method = TLS_method, | ||
| 190 | .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1, | 278 | .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1, |
| 279 | .minver = TLS1_VERSION, | ||
| 280 | .maxver = TLS1_2_VERSION, | ||
| 191 | .peerver = TLS1_1_VERSION, | 281 | .peerver = TLS1_1_VERSION, |
| 192 | .maxver = 0, | 282 | .want_maxver = 0, |
| 193 | }, | 283 | }, |
| 194 | { | 284 | { |
| 285 | .ssl_method = TLS_method, | ||
| 195 | .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2, | 286 | .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2, |
| 287 | .minver = TLS1_VERSION, | ||
| 288 | .maxver = TLS1_2_VERSION, | ||
| 196 | .peerver = TLS1_1_VERSION, | 289 | .peerver = TLS1_1_VERSION, |
| 197 | .maxver = TLS1_VERSION, | 290 | .want_maxver = TLS1_VERSION, |
| 198 | }, | 291 | }, |
| 199 | { | 292 | { |
| 293 | .ssl_method = TLS_method, | ||
| 200 | .options = SSL_OP_NO_TLSv1, | 294 | .options = SSL_OP_NO_TLSv1, |
| 295 | .minver = TLS1_VERSION, | ||
| 296 | .maxver = TLS1_2_VERSION, | ||
| 297 | .peerver = TLS1_VERSION, | ||
| 298 | .want_maxver = 0, | ||
| 299 | }, | ||
| 300 | { | ||
| 301 | .ssl_method = TLS_method, | ||
| 302 | .options = 0, | ||
| 303 | .minver = TLS1_VERSION, | ||
| 304 | .maxver = TLS1_1_VERSION, | ||
| 305 | .peerver = TLS1_2_VERSION, | ||
| 306 | .want_maxver = TLS1_1_VERSION, | ||
| 307 | }, | ||
| 308 | { | ||
| 309 | .ssl_method = TLS_method, | ||
| 310 | .options = 0, | ||
| 311 | .minver = TLS1_VERSION, | ||
| 312 | .maxver = TLS1_VERSION, | ||
| 313 | .peerver = TLS1_2_VERSION, | ||
| 314 | .want_maxver = TLS1_VERSION, | ||
| 315 | }, | ||
| 316 | { | ||
| 317 | .ssl_method = TLSv1_method, | ||
| 318 | .options = 0, | ||
| 319 | .minver = TLS1_VERSION, | ||
| 320 | .maxver = TLS1_2_VERSION, | ||
| 201 | .peerver = TLS1_VERSION, | 321 | .peerver = TLS1_VERSION, |
| 202 | .maxver = 0, | 322 | .want_maxver = TLS1_VERSION, |
| 323 | }, | ||
| 324 | { | ||
| 325 | .ssl_method = TLSv1_method, | ||
| 326 | .options = 0, | ||
| 327 | .minver = TLS1_1_VERSION, | ||
| 328 | .maxver = TLS1_2_VERSION, | ||
| 329 | .peerver = TLS1_VERSION, | ||
| 330 | .want_maxver = 0, | ||
| 331 | }, | ||
| 332 | { | ||
| 333 | .ssl_method = TLSv1_1_method, | ||
| 334 | .options = 0, | ||
| 335 | .minver = TLS1_VERSION, | ||
| 336 | .maxver = TLS1_2_VERSION, | ||
| 337 | .peerver = TLS1_1_VERSION, | ||
| 338 | .want_maxver = TLS1_1_VERSION, | ||
| 339 | }, | ||
| 340 | { | ||
| 341 | .ssl_method = DTLSv1_method, | ||
| 342 | .options = 0, | ||
| 343 | .minver = TLS1_VERSION, | ||
| 344 | .maxver = TLS1_2_VERSION, | ||
| 345 | .peerver = DTLS1_VERSION, | ||
| 346 | .want_maxver = DTLS1_VERSION, | ||
| 347 | }, | ||
| 348 | { | ||
| 349 | .ssl_method = DTLSv1_method, | ||
| 350 | .options = 0, | ||
| 351 | .minver = TLS1_VERSION, | ||
| 352 | .maxver = TLS1_2_VERSION, | ||
| 353 | .peerver = TLS1_2_VERSION, | ||
| 354 | .want_maxver = 0, | ||
| 203 | }, | 355 | }, |
| 204 | }; | 356 | }; |
| 205 | 357 | ||
| @@ -213,47 +365,49 @@ test_ssl_max_shared_version(void) | |||
| 213 | SSL_CTX *ssl_ctx = NULL; | 365 | SSL_CTX *ssl_ctx = NULL; |
| 214 | SSL *ssl = NULL; | 366 | SSL *ssl = NULL; |
| 215 | uint16_t maxver; | 367 | uint16_t maxver; |
| 216 | int failed = 1; | 368 | int failed = 0; |
| 217 | size_t i; | 369 | size_t i; |
| 218 | 370 | ||
| 219 | if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) { | ||
| 220 | fprintf(stderr, "SSL_CTX_new() returned NULL\n"); | ||
| 221 | goto failure; | ||
| 222 | } | ||
| 223 | if ((ssl = SSL_new(ssl_ctx)) == NULL) { | ||
| 224 | fprintf(stderr, "SSL_new() returned NULL\n"); | ||
| 225 | goto failure; | ||
| 226 | } | ||
| 227 | |||
| 228 | failed = 0; | 371 | failed = 0; |
| 229 | 372 | ||
| 230 | for (i = 0; i < N_SHARED_VERSION_TESTS; i++) { | 373 | for (i = 0; i < N_SHARED_VERSION_TESTS; i++) { |
| 231 | srt = &shared_version_tests[i]; | 374 | srt = &shared_version_tests[i]; |
| 232 | 375 | ||
| 376 | if ((ssl_ctx = SSL_CTX_new(srt->ssl_method())) == NULL) { | ||
| 377 | fprintf(stderr, "SSL_CTX_new() returned NULL\n"); | ||
| 378 | return 1; | ||
| 379 | } | ||
| 380 | if ((ssl = SSL_new(ssl_ctx)) == NULL) { | ||
| 381 | fprintf(stderr, "SSL_new() returned NULL\n"); | ||
| 382 | return 1; | ||
| 383 | } | ||
| 384 | |||
| 233 | SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | | 385 | SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | |
| 234 | SSL_OP_NO_TLSv1_2); | 386 | SSL_OP_NO_TLSv1_2); |
| 235 | SSL_set_options(ssl, srt->options); | 387 | SSL_set_options(ssl, srt->options); |
| 236 | 388 | ||
| 237 | maxver = 0; | 389 | maxver = 0; |
| 390 | ssl->internal->min_version = srt->minver; | ||
| 391 | ssl->internal->max_version = srt->maxver; | ||
| 238 | 392 | ||
| 239 | if (ssl_max_shared_version(ssl, srt->peerver, &maxver) != 1) { | 393 | if (ssl_max_shared_version(ssl, srt->peerver, &maxver) != 1) { |
| 240 | if (srt->maxver != 0) { | 394 | if (srt->want_maxver != 0) { |
| 241 | fprintf(stderr, "FAIL: test %zu - failed but " | 395 | fprintf(stderr, "FAIL: test %zu - failed but " |
| 242 | "wanted non-zero shared version\n", i); | 396 | "wanted non-zero shared version\n", i); |
| 243 | failed++; | 397 | failed++; |
| 244 | } | 398 | } |
| 245 | continue; | 399 | continue; |
| 246 | } | 400 | } |
| 247 | if (maxver != srt->maxver) { | 401 | if (maxver != srt->want_maxver) { |
| 248 | fprintf(stderr, "FAIL: test %zu - got shared " | 402 | fprintf(stderr, "FAIL: test %zu - got shared " |
| 249 | "version %x, want %x\n", i, maxver, srt->maxver); | 403 | "version %x, want %x\n", i, maxver, |
| 404 | srt->want_maxver); | ||
| 250 | failed++; | 405 | failed++; |
| 251 | } | 406 | } |
| 252 | } | ||
| 253 | 407 | ||
| 254 | failure: | 408 | SSL_CTX_free(ssl_ctx); |
| 255 | SSL_CTX_free(ssl_ctx); | 409 | SSL_free(ssl); |
| 256 | SSL_free(ssl); | 410 | } |
| 257 | 411 | ||
| 258 | return (failed); | 412 | return (failed); |
| 259 | } | 413 | } |