diff options
| author | Richard Levitte <levitte@openssl.org> | 2018-03-19 09:08:06 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2018-03-19 18:24:30 +0100 |
| commit | 7d7f6834e542e53f604b46a72d57fad773d4b2bc (patch) | |
| tree | 4b126c6099d838deea5c740751141291807037bc /test/ssl_test.c | |
| parent | 2e2faa8c4802f2fcecea699ddda246929b2ca329 (diff) | |
| download | openssl-7d7f6834e542e53f604b46a72d57fad773d4b2bc.tar.gz | |
Enhance ssltestlib's create_ssl_ctx_pair to take min and max proto version
Have all test programs using that function specify those versions.
Additionally, have the remaining test programs that use SSL_CTX_new
directly specify at least the maximum protocol version.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5663)
Diffstat (limited to 'test/ssl_test.c')
| -rw-r--r-- | test/ssl_test.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/test/ssl_test.c b/test/ssl_test.c index 778c330313..ddb338bb67 100644 --- a/test/ssl_test.c +++ b/test/ssl_test.c @@ -406,15 +406,27 @@ static int test_handshake(int idx) #ifndef OPENSSL_NO_DTLS if (test_ctx->method == SSL_TEST_METHOD_DTLS) { server_ctx = SSL_CTX_new(DTLS_server_method()); + if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, + DTLS_MAX_VERSION))) + goto err; if (test_ctx->extra.server.servername_callback != SSL_TEST_SERVERNAME_CB_NONE) { if (!TEST_ptr(server2_ctx = SSL_CTX_new(DTLS_server_method()))) goto err; } client_ctx = SSL_CTX_new(DTLS_client_method()); + if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, + DTLS_MAX_VERSION))) + goto err; if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { resume_server_ctx = SSL_CTX_new(DTLS_server_method()); + if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, + DTLS_MAX_VERSION))) + goto err; resume_client_ctx = SSL_CTX_new(DTLS_client_method()); + if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, + DTLS_MAX_VERSION))) + goto err; if (!TEST_ptr(resume_server_ctx) || !TEST_ptr(resume_client_ctx)) goto err; @@ -423,17 +435,32 @@ static int test_handshake(int idx) #endif if (test_ctx->method == SSL_TEST_METHOD_TLS) { server_ctx = SSL_CTX_new(TLS_server_method()); + if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, + TLS_MAX_VERSION))) + goto err; /* SNI on resumption isn't supported/tested yet. */ if (test_ctx->extra.server.servername_callback != SSL_TEST_SERVERNAME_CB_NONE) { if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method()))) goto err; + if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx, + TLS_MAX_VERSION))) + goto err; } client_ctx = SSL_CTX_new(TLS_client_method()); + if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, + TLS_MAX_VERSION))) + goto err; if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { resume_server_ctx = SSL_CTX_new(TLS_server_method()); + if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, + TLS_MAX_VERSION))) + goto err; resume_client_ctx = SSL_CTX_new(TLS_client_method()); + if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, + TLS_MAX_VERSION))) + goto err; if (!TEST_ptr(resume_server_ctx) || !TEST_ptr(resume_client_ctx)) goto err; |