1 files changed, 304 insertions, 12 deletions
diff --git a/src/regress/lib/libssl/unit/ssl_versions.c b/src/regress/lib/libssl/unit/ssl_versions.c
index eace13e438..c12f115c19 100644
--- a/src/regress/lib/libssl/unit/ssl_versions.c
+++ b/src/regress/lib/libssl/unit/ssl_versions.c
@@ -1,6 +1,6 @@
-/* $OpenBSD: ssl_versions.c,v 1.3 2017/01/25 11:11:21 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.4 2017/05/06 20:39:03 jsing Exp $ */
 /*
- * Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
+ * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -361,7 +361,7 @@ static struct shared_version_test shared_version_tests[] = {
 static int
 test_ssl_max_shared_version(void)
 {
-        struct shared_version_test *srt;
+        struct shared_version_test *svt;
        SSL_CTX *ssl_ctx = NULL;
        SSL *ssl = NULL;
        uint16_t maxver;
@@ -371,9 +371,9 @@ test_ssl_max_shared_version(void)
        failed = 0;
        for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {
-                srt = &shared_version_tests[i];
+                svt = &shared_version_tests[i];
-                if ((ssl_ctx = SSL_CTX_new(srt->ssl_method())) == NULL) { 
+                if ((ssl_ctx = SSL_CTX_new(svt->ssl_method())) == NULL) { 
                        fprintf(stderr, "SSL_CTX_new() returned NULL\n");
                        return 1;
                }
@@ -384,24 +384,24 @@ test_ssl_max_shared_version(void)
                SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
                    SSL_OP_NO_TLSv1_2);
-                SSL_set_options(ssl, srt->options);
+                SSL_set_options(ssl, svt->options);
                maxver = 0;
-                ssl->internal->min_version = srt->minver;
+                ssl->internal->min_version = svt->minver;
-                ssl->internal->max_version = srt->maxver;
+                ssl->internal->max_version = svt->maxver;
-                if (ssl_max_shared_version(ssl, srt->peerver, &maxver) != 1) {
+                if (ssl_max_shared_version(ssl, svt->peerver, &maxver) != 1) {
-                        if (srt->want_maxver != 0) {
+                        if (svt->want_maxver != 0) {
                                fprintf(stderr, "FAIL: test %zu - failed but "
                                    "wanted non-zero shared version\n", i);
                                failed++;
                        }
                        continue;
                }
-                if (maxver != srt->want_maxver) {
+                if (maxver != svt->want_maxver) {
                        fprintf(stderr, "FAIL: test %zu - got shared "
                            "version %x, want %x\n", i, maxver,
-                            srt->want_maxver);
+                            svt->want_maxver);
                        failed++;
                }
@@ -412,6 +412,297 @@ test_ssl_max_shared_version(void)
        return (failed);
 }
+struct min_max_version_test {
+        const SSL_METHOD *(*ssl_method)(void);
+        const uint16_t minver;
+        const uint16_t maxver;
+        const uint16_t want_minver;
+        const uint16_t want_maxver;
+};
+static struct min_max_version_test min_max_version_tests[] = {
+        {
+                .ssl_method = TLS_method,
+                .minver = 0,
+                .maxver = 0,
+                .want_minver = TLS1_VERSION,
+                .want_maxver = TLS1_2_VERSION,
+        },
+        {
+                .ssl_method = TLS_method,
+                .minver = TLS1_VERSION,
+                .maxver = 0,
+                .want_minver = TLS1_VERSION,
+                .want_maxver = TLS1_2_VERSION,
+        },
+        {
+                .ssl_method = TLS_method,
+                .minver = 0,
+                .maxver = TLS1_2_VERSION,
+                .want_minver = TLS1_VERSION,
+                .want_maxver = TLS1_2_VERSION,
+        },
+        {
+                .ssl_method = TLS_method,
+                .minver = TLS1_VERSION,
+                .maxver = TLS1_2_VERSION,
+                .want_minver = TLS1_VERSION,
+                .want_maxver = TLS1_2_VERSION,
+        },
+        {
+                .ssl_method = TLS_method,
+                .minver = TLS1_1_VERSION,
+                .maxver = 0,
+                .want_minver = TLS1_1_VERSION,
+                .want_maxver = TLS1_2_VERSION,
+        },
+        {
+                .ssl_method = TLS_method,
+                .minver = TLS1_2_VERSION,
+                .maxver = 0,
+                .want_minver = TLS1_2_VERSION,
+                .want_maxver = TLS1_2_VERSION,
+        },
+        {
+                .ssl_method = TLS_method,
+                .minver = 0x0300,
+                .maxver = 0,
+                .want_minver = TLS1_VERSION,
+                .want_maxver = TLS1_2_VERSION,
+        },
+        {
+                .ssl_method = TLS_method,
+                .minver = 0x0305,
+                .maxver = 0,
+                .want_minver = 0,
+                .want_maxver = 0,
+        },
+        {
+                .ssl_method = TLS_method,
+                .minver = 0,
+                .maxver = 0x0305,
+                .want_minver = TLS1_VERSION,
+                .want_maxver = TLS1_2_VERSION,
+        },
+        {
+                .ssl_method = TLS_method,
+                .minver = 0,
+                .maxver = TLS1_1_VERSION,
+                .want_minver = TLS1_VERSION,
+                .want_maxver = TLS1_1_VERSION,
+        },
+        {
+                .ssl_method = TLS_method,
+                .minver = 0,
+                .maxver = TLS1_VERSION,
+                .want_minver = TLS1_VERSION,
+                .want_maxver = TLS1_VERSION,
+        },
+        {
+                .ssl_method = TLS_method,
+                .minver = 0,
+                .maxver = 0x0300,
+                .want_minver = 0,
+                .want_maxver = 0,
+        },
+        {
+                .ssl_method = TLS_method,
+                .minver = TLS1_2_VERSION,
+                .maxver = TLS1_1_VERSION,
+                .want_minver = TLS1_2_VERSION,
+                .want_maxver = 0,
+        },
+        {
+                .ssl_method = TLSv1_1_method,
+                .minver = 0,
+                .maxver = 0,
+                .want_minver = TLS1_1_VERSION,
+                .want_maxver = TLS1_1_VERSION,
+        },
+        {
+                .ssl_method = TLSv1_1_method,
+                .minver = TLS1_VERSION,
+                .maxver = TLS1_2_VERSION,
+                .want_minver = TLS1_1_VERSION,
+                .want_maxver = TLS1_1_VERSION,
+        },
+        {
+                .ssl_method = TLSv1_1_method,
+                .minver = TLS1_2_VERSION,
+                .maxver = 0,
+                .want_minver = 0,
+                .want_maxver = 0,
+        },
+        {
+                .ssl_method = TLSv1_1_method,
+                .minver = 0,
+                .maxver = TLS1_VERSION,
+                .want_minver = 0,
+                .want_maxver = 0,
+        },
+        {
+                .ssl_method = DTLSv1_method,
+                .minver = 0,
+                .maxver = 0,
+                .want_minver = DTLS1_VERSION,
+                .want_maxver = DTLS1_VERSION,
+        },
+        {
+                .ssl_method = DTLSv1_method,
+                .minver = DTLS1_VERSION,
+                .maxver = 0,
+                .want_minver = DTLS1_VERSION,
+                .want_maxver = DTLS1_VERSION,
+        },
+        {
+                .ssl_method = DTLSv1_method,
+                .minver = 0,
+                .maxver = DTLS1_VERSION,
+                .want_minver = DTLS1_VERSION,
+                .want_maxver = DTLS1_VERSION,
+        },
+        {
+                .ssl_method = DTLSv1_method,
+                .minver = TLS1_VERSION,
+                .maxver = TLS1_2_VERSION,
+                .want_minver = 0,
+                .want_maxver = 0,
+        },
+};
+#define N_MIN_MAX_VERSION_TESTS \
+    (sizeof(min_max_version_tests) / sizeof(*min_max_version_tests))
+static int
+test_ssl_min_max_version(void)
+{
+        struct min_max_version_test *mmvt;
+        SSL_CTX *ssl_ctx = NULL;
+        SSL *ssl = NULL;
+        int failed = 0;
+        size_t i;
+        failed = 0;
+        for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {
+                mmvt = &min_max_version_tests[i];
+                if ((ssl_ctx = SSL_CTX_new(mmvt->ssl_method())) == NULL) { 
+                        fprintf(stderr, "SSL_CTX_new() returned NULL\n");
+                        return 1;
+                }
+                if (SSL_CTX_set_min_proto_version(ssl_ctx, mmvt->minver) != 1) {
+                        if (mmvt->want_minver != 0) {
+                                fprintf(stderr, "FAIL: test %zu - failed to set "
+                                    "SSL_CTX min version\n", i);
+                                failed++;
+                        }
+                        goto next;
+                }
+                if (SSL_CTX_set_max_proto_version(ssl_ctx, mmvt->maxver) != 1) {
+                        if (mmvt->want_maxver != 0) {
+                                fprintf(stderr, "FAIL: test %zu - failed to set "
+                                    "SSL_CTX min version\n", i);
+                                failed++;
+                        }
+                        goto next;
+                }
+                if (mmvt->want_minver == 0) {
+                        fprintf(stderr, "FAIL: test %zu - successfully set "
+                            "SSL_CTX min version, should have failed\n", i);
+                        goto next;
+                }
+                if (mmvt->want_maxver == 0) {
+                        fprintf(stderr, "FAIL: test %zu - successfully set "
+                            "SSL_CTX max version, should have failed\n", i);
+                        goto next;
+                }
+                if (ssl_ctx->internal->min_version != mmvt->want_minver) {
+                        fprintf(stderr, "FAIL: test %zu - got SSL_CTX min "
+                            "version 0x%x, want 0x%x\n", i,
+                            ssl_ctx->internal->min_version, mmvt->want_minver);
+                        goto next;
+                }
+                if (ssl_ctx->internal->max_version != mmvt->want_maxver) {
+                        fprintf(stderr, "FAIL: test %zu - got SSL_CTX max "
+                            "version 0x%x, want 0x%x\n", i,
+                            ssl_ctx->internal->max_version, mmvt->want_maxver);
+                        goto next;
+                }
+                if ((ssl = SSL_new(ssl_ctx)) == NULL) {
+                        fprintf(stderr, "SSL_new() returned NULL\n");
+                        return 1;
+                }
+                if (ssl->internal->min_version != mmvt->want_minver) {
+                        fprintf(stderr, "FAIL: test %zu - initial SSL min "
+                            "version 0x%x, want 0x%x\n", i,
+                            ssl_ctx->internal->min_version, mmvt->want_minver);
+                        goto next;
+                }
+                if (ssl->internal->max_version != mmvt->want_maxver) {
+                        fprintf(stderr, "FAIL: test %zu - initial SSL max "
+                            "version 0x%x, want 0x%x\n", i,
+                            ssl_ctx->internal->max_version, mmvt->want_maxver);
+                        goto next;
+                }
+                if (SSL_set_min_proto_version(ssl, mmvt->minver) != 1) {
+                        if (mmvt->want_minver != 0) {
+                                fprintf(stderr, "FAIL: test %zu - failed to set "
+                                    "SSL min version\n", i);
+                                failed++;
+                        }
+                        goto next;
+                }
+                if (SSL_set_max_proto_version(ssl, mmvt->maxver) != 1) {
+                        if (mmvt->want_maxver != 0) {
+                                fprintf(stderr, "FAIL: test %zu - failed to set "
+                                    "SSL min version\n", i);
+                                failed++;
+                        }
+                        goto next;
+                }
+                if (mmvt->want_minver == 0) {
+                        fprintf(stderr, "FAIL: test %zu - successfully set SSL "
+                            "min version, should have failed\n", i);
+                        goto next;
+                }
+                if (mmvt->want_maxver == 0) {
+                        fprintf(stderr, "FAIL: test %zu - successfully set SSL "
+                            "max version, should have failed\n", i);
+                        goto next;
+                }
+                if (ssl->internal->min_version != mmvt->want_minver) {
+                        fprintf(stderr, "FAIL: test %zu - got SSL min "
+                            "version 0x%x, want 0x%x\n", i,
+                            ssl_ctx->internal->min_version, mmvt->want_minver);
+                        goto next;
+                }
+                if (ssl->internal->max_version != mmvt->want_maxver) {
+                        fprintf(stderr, "FAIL: test %zu - got SSL max "
+                            "version 0x%x, want 0x%x\n", i,
+                            ssl->internal->max_version, mmvt->want_maxver);
+                        goto next;
+                }
+ next:
+                SSL_CTX_free(ssl_ctx);
+                SSL_free(ssl);
+                ssl_ctx = NULL;
+                ssl = NULL;
+        }
+        return (failed);
+}
 int
 main(int argc, char **argv)
 {
@@ -421,6 +712,7 @@ main(int argc, char **argv)
        failed |= test_ssl_enabled_version_range();
        failed |= test_ssl_max_shared_version();
+        failed |= test_ssl_min_max_version();
        if (failed == 0)
                printf("PASS %s\n", __FILE__);

diff --git a/src/regress/lib/libssl/unit/ssl_versions.c b/src/regress/lib/libssl/unit/ssl_versions.c index eace13e438..c12f115c19 100644 --- a/src/regress/lib/libssl/unit/ssl_versions.c +++ b/src/regress/lib/libssl/unit/ssl_versions.c
@@ -1,6 +1,6 @@
1	/* $OpenBSD: ssl_versions.c,v 1.3 2017/01/25 11:11:21 jsing Exp $ */	1	/* $OpenBSD: ssl_versions.c,v 1.4 2017/05/06 20:39:03 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4	*	4	*
5	* Permission to use, copy, modify, and distribute this software for any	5	* Permission to use, copy, modify, and distribute this software for any
6	* purpose with or without fee is hereby granted, provided that the above	6	* purpose with or without fee is hereby granted, provided that the above
@@ -361,7 +361,7 @@ static struct shared_version_test shared_version_tests[] = {
361	static int	361	static int
362	test_ssl_max_shared_version(void)	362	test_ssl_max_shared_version(void)
363	{	363	{
364	struct shared_version_test *srt;	364	struct shared_version_test *svt;
365	SSL_CTX *ssl_ctx = NULL;	365	SSL_CTX *ssl_ctx = NULL;
366	SSL *ssl = NULL;	366	SSL *ssl = NULL;
367	uint16_t maxver;	367	uint16_t maxver;
@@ -371,9 +371,9 @@ test_ssl_max_shared_version(void)
371	failed = 0;	371	failed = 0;
372		372
373	for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {	373	for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {
374	srt = &shared_version_tests[i];	374	svt = &shared_version_tests[i];
375		375
376	if ((ssl_ctx = SSL_CTX_new(srt->ssl_method())) == NULL) {	376	if ((ssl_ctx = SSL_CTX_new(svt->ssl_method())) == NULL) {
377	fprintf(stderr, "SSL_CTX_new() returned NULL\n");	377	fprintf(stderr, "SSL_CTX_new() returned NULL\n");
378	return 1;	378	return 1;
379	}	379	}
@@ -384,24 +384,24 @@ test_ssl_max_shared_version(void)
384		384
385	SSL_clear_options(ssl, SSL_OP_NO_TLSv1 \| SSL_OP_NO_TLSv1_1 \|	385	SSL_clear_options(ssl, SSL_OP_NO_TLSv1 \| SSL_OP_NO_TLSv1_1 \|
386	SSL_OP_NO_TLSv1_2);	386	SSL_OP_NO_TLSv1_2);
387	SSL_set_options(ssl, srt->options);	387	SSL_set_options(ssl, svt->options);
388		388
389	maxver = 0;	389	maxver = 0;
390	ssl->internal->min_version = srt->minver;	390	ssl->internal->min_version = svt->minver;
391	ssl->internal->max_version = srt->maxver;	391	ssl->internal->max_version = svt->maxver;
392		392
393	if (ssl_max_shared_version(ssl, srt->peerver, &maxver) != 1) {	393	if (ssl_max_shared_version(ssl, svt->peerver, &maxver) != 1) {
394	if (srt->want_maxver != 0) {	394	if (svt->want_maxver != 0) {
395	fprintf(stderr, "FAIL: test %zu - failed but "	395	fprintf(stderr, "FAIL: test %zu - failed but "
396	"wanted non-zero shared version\n", i);	396	"wanted non-zero shared version\n", i);
397	failed++;	397	failed++;
398	}	398	}
399	continue;	399	continue;
400	}	400	}
401	if (maxver != srt->want_maxver) {	401	if (maxver != svt->want_maxver) {
402	fprintf(stderr, "FAIL: test %zu - got shared "	402	fprintf(stderr, "FAIL: test %zu - got shared "
403	"version %x, want %x\n", i, maxver,	403	"version %x, want %x\n", i, maxver,
404	srt->want_maxver);	404	svt->want_maxver);
405	failed++;	405	failed++;
406	}	406	}
407		407
@@ -412,6 +412,297 @@ test_ssl_max_shared_version(void)
412	return (failed);	412	return (failed);
413	}	413	}
414		414
		415	struct min_max_version_test {
		416	const SSL_METHOD (ssl_method)(void);
		417	const uint16_t minver;
		418	const uint16_t maxver;
		419	const uint16_t want_minver;
		420	const uint16_t want_maxver;
		421	};
		422
		423	static struct min_max_version_test min_max_version_tests[] = {
		424	{
		425	.ssl_method = TLS_method,
		426	.minver = 0,
		427	.maxver = 0,
		428	.want_minver = TLS1_VERSION,
		429	.want_maxver = TLS1_2_VERSION,
		430	},
		431	{
		432	.ssl_method = TLS_method,
		433	.minver = TLS1_VERSION,
		434	.maxver = 0,
		435	.want_minver = TLS1_VERSION,
		436	.want_maxver = TLS1_2_VERSION,
		437	},
		438	{
		439	.ssl_method = TLS_method,
		440	.minver = 0,
		441	.maxver = TLS1_2_VERSION,
		442	.want_minver = TLS1_VERSION,
		443	.want_maxver = TLS1_2_VERSION,
		444	},
		445	{
		446	.ssl_method = TLS_method,
		447	.minver = TLS1_VERSION,
		448	.maxver = TLS1_2_VERSION,
		449	.want_minver = TLS1_VERSION,
		450	.want_maxver = TLS1_2_VERSION,
		451	},
		452	{
		453	.ssl_method = TLS_method,
		454	.minver = TLS1_1_VERSION,
		455	.maxver = 0,
		456	.want_minver = TLS1_1_VERSION,
		457	.want_maxver = TLS1_2_VERSION,
		458	},
		459	{
		460	.ssl_method = TLS_method,
		461	.minver = TLS1_2_VERSION,
		462	.maxver = 0,
		463	.want_minver = TLS1_2_VERSION,
		464	.want_maxver = TLS1_2_VERSION,
		465	},
		466	{
		467	.ssl_method = TLS_method,
		468	.minver = 0x0300,
		469	.maxver = 0,
		470	.want_minver = TLS1_VERSION,
		471	.want_maxver = TLS1_2_VERSION,
		472	},
		473	{
		474	.ssl_method = TLS_method,
		475	.minver = 0x0305,
		476	.maxver = 0,
		477	.want_minver = 0,
		478	.want_maxver = 0,
		479	},
		480	{
		481	.ssl_method = TLS_method,
		482	.minver = 0,
		483	.maxver = 0x0305,
		484	.want_minver = TLS1_VERSION,
		485	.want_maxver = TLS1_2_VERSION,
		486	},
		487	{
		488	.ssl_method = TLS_method,
		489	.minver = 0,
		490	.maxver = TLS1_1_VERSION,
		491	.want_minver = TLS1_VERSION,
		492	.want_maxver = TLS1_1_VERSION,
		493	},
		494	{
		495	.ssl_method = TLS_method,
		496	.minver = 0,
		497	.maxver = TLS1_VERSION,
		498	.want_minver = TLS1_VERSION,
		499	.want_maxver = TLS1_VERSION,
		500	},
		501	{
		502	.ssl_method = TLS_method,
		503	.minver = 0,
		504	.maxver = 0x0300,
		505	.want_minver = 0,
		506	.want_maxver = 0,
		507	},
		508	{
		509	.ssl_method = TLS_method,
		510	.minver = TLS1_2_VERSION,
		511	.maxver = TLS1_1_VERSION,
		512	.want_minver = TLS1_2_VERSION,
		513	.want_maxver = 0,
		514	},
		515	{
		516	.ssl_method = TLSv1_1_method,
		517	.minver = 0,
		518	.maxver = 0,
		519	.want_minver = TLS1_1_VERSION,
		520	.want_maxver = TLS1_1_VERSION,
		521	},
		522	{
		523	.ssl_method = TLSv1_1_method,
		524	.minver = TLS1_VERSION,
		525	.maxver = TLS1_2_VERSION,
		526	.want_minver = TLS1_1_VERSION,
		527	.want_maxver = TLS1_1_VERSION,
		528	},
		529	{
		530	.ssl_method = TLSv1_1_method,
		531	.minver = TLS1_2_VERSION,
		532	.maxver = 0,
		533	.want_minver = 0,
		534	.want_maxver = 0,
		535	},
		536	{
		537	.ssl_method = TLSv1_1_method,
		538	.minver = 0,
		539	.maxver = TLS1_VERSION,
		540	.want_minver = 0,
		541	.want_maxver = 0,
		542	},
		543	{
		544	.ssl_method = DTLSv1_method,
		545	.minver = 0,
		546	.maxver = 0,
		547	.want_minver = DTLS1_VERSION,
		548	.want_maxver = DTLS1_VERSION,
		549	},
		550	{
		551	.ssl_method = DTLSv1_method,
		552	.minver = DTLS1_VERSION,
		553	.maxver = 0,
		554	.want_minver = DTLS1_VERSION,
		555	.want_maxver = DTLS1_VERSION,
		556	},
		557	{
		558	.ssl_method = DTLSv1_method,
		559	.minver = 0,
		560	.maxver = DTLS1_VERSION,
		561	.want_minver = DTLS1_VERSION,
		562	.want_maxver = DTLS1_VERSION,
		563	},
		564	{
		565	.ssl_method = DTLSv1_method,
		566	.minver = TLS1_VERSION,
		567	.maxver = TLS1_2_VERSION,
		568	.want_minver = 0,
		569	.want_maxver = 0,
		570	},
		571	};
		572
		573	#define N_MIN_MAX_VERSION_TESTS \
		574	(sizeof(min_max_version_tests) / sizeof(*min_max_version_tests))
		575
		576	static int
		577	test_ssl_min_max_version(void)
		578	{
		579	struct min_max_version_test *mmvt;
		580	SSL_CTX *ssl_ctx = NULL;
		581	SSL *ssl = NULL;
		582	int failed = 0;
		583	size_t i;
		584
		585	failed = 0;
		586
		587	for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {
		588	mmvt = &min_max_version_tests[i];
		589
		590	if ((ssl_ctx = SSL_CTX_new(mmvt->ssl_method())) == NULL) {
		591	fprintf(stderr, "SSL_CTX_new() returned NULL\n");
		592	return 1;
		593	}
		594
		595	if (SSL_CTX_set_min_proto_version(ssl_ctx, mmvt->minver) != 1) {
		596	if (mmvt->want_minver != 0) {
		597	fprintf(stderr, "FAIL: test %zu - failed to set "
		598	"SSL_CTX min version\n", i);
		599	failed++;
		600	}
		601	goto next;
		602	}
		603	if (SSL_CTX_set_max_proto_version(ssl_ctx, mmvt->maxver) != 1) {
		604	if (mmvt->want_maxver != 0) {
		605	fprintf(stderr, "FAIL: test %zu - failed to set "
		606	"SSL_CTX min version\n", i);
		607	failed++;
		608	}
		609	goto next;
		610	}
		611
		612	if (mmvt->want_minver == 0) {
		613	fprintf(stderr, "FAIL: test %zu - successfully set "
		614	"SSL_CTX min version, should have failed\n", i);
		615	goto next;
		616	}
		617	if (mmvt->want_maxver == 0) {
		618	fprintf(stderr, "FAIL: test %zu - successfully set "
		619	"SSL_CTX max version, should have failed\n", i);
		620	goto next;
		621	}
		622
		623	if (ssl_ctx->internal->min_version != mmvt->want_minver) {
		624	fprintf(stderr, "FAIL: test %zu - got SSL_CTX min "
		625	"version 0x%x, want 0x%x\n", i,
		626	ssl_ctx->internal->min_version, mmvt->want_minver);
		627	goto next;
		628	}
		629	if (ssl_ctx->internal->max_version != mmvt->want_maxver) {
		630	fprintf(stderr, "FAIL: test %zu - got SSL_CTX max "
		631	"version 0x%x, want 0x%x\n", i,
		632	ssl_ctx->internal->max_version, mmvt->want_maxver);
		633	goto next;
		634	}
		635
		636	if ((ssl = SSL_new(ssl_ctx)) == NULL) {
		637	fprintf(stderr, "SSL_new() returned NULL\n");
		638	return 1;
		639	}
		640
		641	if (ssl->internal->min_version != mmvt->want_minver) {
		642	fprintf(stderr, "FAIL: test %zu - initial SSL min "
		643	"version 0x%x, want 0x%x\n", i,
		644	ssl_ctx->internal->min_version, mmvt->want_minver);
		645	goto next;
		646	}
		647	if (ssl->internal->max_version != mmvt->want_maxver) {
		648	fprintf(stderr, "FAIL: test %zu - initial SSL max "
		649	"version 0x%x, want 0x%x\n", i,
		650	ssl_ctx->internal->max_version, mmvt->want_maxver);
		651	goto next;
		652	}
		653
		654	if (SSL_set_min_proto_version(ssl, mmvt->minver) != 1) {
		655	if (mmvt->want_minver != 0) {
		656	fprintf(stderr, "FAIL: test %zu - failed to set "
		657	"SSL min version\n", i);
		658	failed++;
		659	}
		660	goto next;
		661	}
		662	if (SSL_set_max_proto_version(ssl, mmvt->maxver) != 1) {
		663	if (mmvt->want_maxver != 0) {
		664	fprintf(stderr, "FAIL: test %zu - failed to set "
		665	"SSL min version\n", i);
		666	failed++;
		667	}
		668	goto next;
		669	}
		670
		671	if (mmvt->want_minver == 0) {
		672	fprintf(stderr, "FAIL: test %zu - successfully set SSL "
		673	"min version, should have failed\n", i);
		674	goto next;
		675	}
		676	if (mmvt->want_maxver == 0) {
		677	fprintf(stderr, "FAIL: test %zu - successfully set SSL "
		678	"max version, should have failed\n", i);
		679	goto next;
		680	}
		681
		682	if (ssl->internal->min_version != mmvt->want_minver) {
		683	fprintf(stderr, "FAIL: test %zu - got SSL min "
		684	"version 0x%x, want 0x%x\n", i,
		685	ssl_ctx->internal->min_version, mmvt->want_minver);
		686	goto next;
		687	}
		688	if (ssl->internal->max_version != mmvt->want_maxver) {
		689	fprintf(stderr, "FAIL: test %zu - got SSL max "
		690	"version 0x%x, want 0x%x\n", i,
		691	ssl->internal->max_version, mmvt->want_maxver);
		692	goto next;
		693	}
		694
		695	next:
		696	SSL_CTX_free(ssl_ctx);
		697	SSL_free(ssl);
		698
		699	ssl_ctx = NULL;
		700	ssl = NULL;
		701	}
		702
		703	return (failed);
		704	}
		705
415	int	706	int
416	main(int argc, char **argv)	707	main(int argc, char **argv)
417	{	708	{
@@ -421,6 +712,7 @@ main(int argc, char **argv)
421		712
422	failed \|= test_ssl_enabled_version_range();	713	failed \|= test_ssl_enabled_version_range();
423	failed \|= test_ssl_max_shared_version();	714	failed \|= test_ssl_max_shared_version();
		715	failed \|= test_ssl_min_max_version();
424		716
425	if (failed == 0)	717	if (failed == 0)
426	printf("PASS %s\n", __FILE__);	718	printf("PASS %s\n", __FILE__);