[openssl-commits] [openssl] master update
Kurt Roeckx
kurt at openssl.org
Sat Dec 15 11:52:12 UTC 2018
The branch master has been updated
via 04cd70c6899c6b36517b2b07d7a12b2cceba1bef (commit)
via 5c587fb6b996d47771bcaecd71489e4849103f56 (commit)
from 91c5473035aaf2c0d86e4039c2a29a5b70541905 (commit)
- Log -----------------------------------------------------------------
commit 04cd70c6899c6b36517b2b07d7a12b2cceba1bef
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Tue Sep 18 22:17:14 2018 +0200
Deprecate TLS_MAX_VERSION, DTLS_MAX_VERSION and DTLS_MIN_VERSION
Fixes: #7183
Reviewed-by: Matt Caswell <matt at openssl.org>
GH: #7260
commit 5c587fb6b996d47771bcaecd71489e4849103f56
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Sun Dec 9 20:53:05 2018 +0100
Use (D)TLS_MAX_VERSION_INTERNAL internally
Use 0 if we don't want to set a minimum or maximum version
Reviewed-by: Matt Caswell <matt at openssl.org>
GH: #7260
-----------------------------------------------------------------------
Summary of changes:
include/openssl/dtls1.h | 8 +++++--
include/openssl/tls1.h | 4 +++-
ssl/d1_lib.c | 2 +-
ssl/ssl_locl.h | 3 +++
ssl/statem/statem_clnt.c | 2 +-
ssl/statem/statem_lib.c | 10 ++++-----
ssl/t1_lib.c | 2 +-
test/asynciotest.c | 2 +-
test/clienthellotest.c | 2 +-
test/dtlstest.c | 8 +++----
test/fatalerrtest.c | 2 +-
test/gosttest.c | 2 +-
test/recordlentest.c | 2 +-
test/servername_test.c | 2 +-
test/ssl_test.c | 27 ++++++++----------------
test/sslapitest.c | 55 +++++++++++++++++++++++-------------------------
test/sslbuffertest.c | 2 +-
test/sslcorrupttest.c | 2 +-
test/ssltest_old.c | 8 +++----
test/tls13ccstest.c | 2 +-
20 files changed, 72 insertions(+), 75 deletions(-)
diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h
index 21b5252..f717afb 100644
--- a/include/openssl/dtls1.h
+++ b/include/openssl/dtls1.h
@@ -14,10 +14,14 @@
extern "C" {
#endif
+#include <openssl/opensslconf.h>
+
# define DTLS1_VERSION 0xFEFF
# define DTLS1_2_VERSION 0xFEFD
-# define DTLS_MIN_VERSION DTLS1_VERSION
-# define DTLS_MAX_VERSION DTLS1_2_VERSION
+# if !OPENSSL_API_3
+# define DTLS_MIN_VERSION DTLS1_VERSION
+# define DTLS_MAX_VERSION DTLS1_2_VERSION
+# endif
# define DTLS1_VERSION_MAJOR 0xFE
# define DTLS1_BAD_VER 0x0100
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index c57344c..166f15a 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -28,7 +28,9 @@ extern "C" {
# define TLS1_1_VERSION 0x0302
# define TLS1_2_VERSION 0x0303
# define TLS1_3_VERSION 0x0304
-# define TLS_MAX_VERSION TLS1_3_VERSION
+# if !OPENSSL_API_3
+# define TLS_MAX_VERSION TLS1_3_VERSION
+# endif
/* Special value for method supporting multiple versions */
# define TLS_ANY_VERSION 0x10000
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 2da9ebb..d3f681b 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -192,7 +192,7 @@ int dtls1_clear(SSL *s)
return 0;
if (s->method->version == DTLS_ANY_VERSION)
- s->version = DTLS_MAX_VERSION;
+ s->version = DTLS_MAX_VERSION_INTERNAL;
#ifndef OPENSSL_NO_DTLS1_METHOD
else if (s->options & SSL_OP_CISCO_ANYCONNECT)
s->client_version = s->version = DTLS1_BAD_VER;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index c2e6474..2d68691 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -131,6 +131,9 @@
(c)[1]=(unsigned char)(((l)>> 8)&0xff), \
(c)[2]=(unsigned char)(((l) )&0xff)),(c)+=3)
+# define TLS_MAX_VERSION_INTERNAL TLS1_3_VERSION
+# define DTLS_MAX_VERSION_INTERNAL DTLS1_2_VERSION
+
/*
* DTLS version numbers are strange because they're inverted. Except for
* DTLS1_BAD_VER, which should be considered "lower" than the rest.
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index c1a572f..3b6cbb7 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -163,7 +163,7 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt)
return 1;
}
if (mt == SSL3_MT_CERTIFICATE_REQUEST) {
-#if DTLS_MAX_VERSION != DTLS1_2_VERSION
+#if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION
# error TODO(DTLS1.3): Restore digest for PHA before adding message.
#endif
if (!SSL_IS_DTLS(s) && s->post_handshake_auth == SSL_PHA_EXT_SENT) {
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 9e68e05..1a9aa41 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1417,7 +1417,7 @@ typedef struct {
const SSL_METHOD *(*smeth) (void);
} version_info;
-#if TLS_MAX_VERSION != TLS1_3_VERSION
+#if TLS_MAX_VERSION_INTERNAL != TLS1_3_VERSION
# error Code needs update for TLS_method() support beyond TLS1_3_VERSION.
#endif
@@ -1451,7 +1451,7 @@ static const version_info tls_version_table[] = {
{0, NULL, NULL},
};
-#if DTLS_MAX_VERSION != DTLS1_2_VERSION
+#if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION
# error Code needs update for DTLS_method() support beyond DTLS1_2_VERSION.
#endif
@@ -1684,12 +1684,12 @@ int ssl_set_version_bound(int method_version, int version, int *bound)
return 0;
case TLS_ANY_VERSION:
- if (version < SSL3_VERSION || version > TLS_MAX_VERSION)
+ if (version < SSL3_VERSION || version > TLS_MAX_VERSION_INTERNAL)
return 0;
break;
case DTLS_ANY_VERSION:
- if (DTLS_VERSION_GT(version, DTLS_MAX_VERSION) ||
+ if (DTLS_VERSION_GT(version, DTLS_MAX_VERSION_INTERNAL) ||
DTLS_VERSION_LT(version, DTLS1_BAD_VER))
return 0;
break;
@@ -1735,7 +1735,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
* With version-flexible methods we have an initial state with:
*
* s->method->version == (D)TLS_ANY_VERSION,
- * s->version == (D)TLS_MAX_VERSION.
+ * s->version == (D)TLS_MAX_VERSION_INTERNAL.
*
* So we detect version-flexible methods via the method version, not the
* handle version.
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index ee2278c..5dc645a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -121,7 +121,7 @@ int tls1_clear(SSL *s)
return 0;
if (s->method->version == TLS_ANY_VERSION)
- s->version = TLS_MAX_VERSION;
+ s->version = TLS_MAX_VERSION_INTERNAL;
else
s->version = s->method->version;
diff --git a/test/asynciotest.c b/test/asynciotest.c
index db9f218..1085b4a 100644
--- a/test/asynciotest.c
+++ b/test/asynciotest.c
@@ -297,7 +297,7 @@ static int test_asyncio(int test)
char buf[sizeof(testdata)];
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&serverctx, &clientctx, cert, privkey)))
goto end;
diff --git a/test/clienthellotest.c b/test/clienthellotest.c
index 2343145..6c77831 100644
--- a/test/clienthellotest.c
+++ b/test/clienthellotest.c
@@ -78,7 +78,7 @@ static int test_client_hello(int currtest)
ctx = SSL_CTX_new(TLS_method());
if (!TEST_ptr(ctx))
goto end;
- if (!TEST_true(SSL_CTX_set_max_proto_version(ctx, TLS_MAX_VERSION)))
+ if (!TEST_true(SSL_CTX_set_max_proto_version(ctx, 0)))
goto end;
switch(currtest) {
diff --git a/test/dtlstest.c b/test/dtlstest.c
index 62aa856..0b04886 100644
--- a/test/dtlstest.c
+++ b/test/dtlstest.c
@@ -63,7 +63,7 @@ static int test_dtls_unprocessed(int testidx)
if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
DTLS_client_method(),
- DTLS1_VERSION, DTLS_MAX_VERSION,
+ DTLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
@@ -154,7 +154,7 @@ static int test_dtls_drop_records(int idx)
if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
DTLS_client_method(),
- DTLS1_VERSION, DTLS_MAX_VERSION,
+ DTLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
@@ -265,7 +265,7 @@ static int test_cookie(void)
if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
DTLS_client_method(),
- DTLS1_VERSION, DTLS_MAX_VERSION,
+ DTLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
@@ -297,7 +297,7 @@ static int test_dtls_duplicate_records(void)
if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
DTLS_client_method(),
- DTLS1_VERSION, DTLS_MAX_VERSION,
+ DTLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
diff --git a/test/fatalerrtest.c b/test/fatalerrtest.c
index 280eed2..3291914 100644
--- a/test/fatalerrtest.c
+++ b/test/fatalerrtest.c
@@ -29,7 +29,7 @@ static int test_fatalerr(void)
};
if (!TEST_true(create_ssl_ctx_pair(TLS_method(), TLS_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto err;
diff --git a/test/gosttest.c b/test/gosttest.c
index 26e435d..398effa 100644
--- a/test/gosttest.c
+++ b/test/gosttest.c
@@ -41,7 +41,7 @@ static int test_tls13(int idx)
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(),
TLS1_VERSION,
- TLS_MAX_VERSION,
+ 0,
&sctx, &cctx,
ciphers[idx].certnum == 0 ? cert1
: cert2,
diff --git a/test/recordlentest.c b/test/recordlentest.c
index 5dc878b..a73e443 100644
--- a/test/recordlentest.c
+++ b/test/recordlentest.c
@@ -103,7 +103,7 @@ static int test_record_overflow(int idx)
ERR_clear_error();
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
diff --git a/test/servername_test.c b/test/servername_test.c
index bad29ec..0614d4b 100644
--- a/test/servername_test.c
+++ b/test/servername_test.c
@@ -186,7 +186,7 @@ static int server_setup_sni(void)
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)))
diff --git a/test/ssl_test.c b/test/ssl_test.c
index 16cb725..4f82bf7 100644
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -406,8 +406,7 @@ static int test_handshake(int idx)
#ifndef OPENSSL_NO_DTLS
if (test_ctx->method == SSL_TEST_METHOD_DTLS) {
server_ctx = SSL_CTX_new(DTLS_server_method());
- if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx,
- DTLS_MAX_VERSION)))
+ if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0)))
goto err;
if (test_ctx->extra.server.servername_callback !=
SSL_TEST_SERVERNAME_CB_NONE) {
@@ -415,17 +414,14 @@ static int test_handshake(int idx)
goto err;
}
client_ctx = SSL_CTX_new(DTLS_client_method());
- if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx,
- DTLS_MAX_VERSION)))
+ if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, 0)))
goto err;
if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
resume_server_ctx = SSL_CTX_new(DTLS_server_method());
- if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx,
- DTLS_MAX_VERSION)))
+ if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, 0)))
goto err;
resume_client_ctx = SSL_CTX_new(DTLS_client_method());
- if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx,
- DTLS_MAX_VERSION)))
+ if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, 0)))
goto err;
if (!TEST_ptr(resume_server_ctx)
|| !TEST_ptr(resume_client_ctx))
@@ -435,31 +431,26 @@ static int test_handshake(int idx)
#endif
if (test_ctx->method == SSL_TEST_METHOD_TLS) {
server_ctx = SSL_CTX_new(TLS_server_method());
- if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx,
- TLS_MAX_VERSION)))
+ if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0)))
goto err;
/* SNI on resumption isn't supported/tested yet. */
if (test_ctx->extra.server.servername_callback !=
SSL_TEST_SERVERNAME_CB_NONE) {
if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method())))
goto err;
- if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx,
- TLS_MAX_VERSION)))
+ if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx, 0)))
goto err;
}
client_ctx = SSL_CTX_new(TLS_client_method());
- if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx,
- TLS_MAX_VERSION)))
+ if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, 0)))
goto err;
if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
resume_server_ctx = SSL_CTX_new(TLS_server_method());
- if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx,
- TLS_MAX_VERSION)))
+ if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, 0)))
goto err;
resume_client_ctx = SSL_CTX_new(TLS_client_method());
- if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx,
- TLS_MAX_VERSION)))
+ if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, 0)))
goto err;
if (!TEST_ptr(resume_server_ctx)
|| !TEST_ptr(resume_client_ctx))
diff --git a/test/sslapitest.c b/test/sslapitest.c
index fb70562..d52380c 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -317,7 +317,7 @@ static int test_keylog(void)
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
@@ -399,7 +399,7 @@ static int test_keylog_no_master_key(void)
error_writing_log = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_max_early_data(sctx,
SSL3_RT_MAX_PLAIN_LENGTH)))
@@ -545,7 +545,7 @@ static int test_client_hello_cb(void)
int testctr = 0, testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
SSL_CTX_set_client_hello_cb(sctx, full_client_hello_callback, &testctr);
@@ -846,15 +846,13 @@ static int test_ktls_no_client_no_server(void)
static int test_large_message_tls(void)
{
return execute_test_large_message(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
- 0);
+ TLS1_VERSION, 0, 0);
}
static int test_large_message_tls_read_ahead(void)
{
return execute_test_large_message(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
- 1);
+ TLS1_VERSION, 0, 1);
}
#ifndef OPENSSL_NO_DTLS
@@ -866,8 +864,7 @@ static int test_large_message_dtls(void)
*/
return execute_test_large_message(DTLS_server_method(),
DTLS_client_method(),
- DTLS1_VERSION, DTLS_MAX_VERSION,
- 0);
+ DTLS1_VERSION, 0, 0);
}
#endif
@@ -927,7 +924,7 @@ static int test_tlsext_status_type(void)
BIO *certbio = NULL;
if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey))
return 0;
@@ -1096,7 +1093,7 @@ static int execute_test_session(int maxprot, int use_int_cache,
numnewsesstick = 2;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
@@ -1444,7 +1441,7 @@ static int setup_ticket_test(int stateful, int idx, SSL_CTX **sctx,
int sess_id_ctx = 1;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION, sctx,
+ TLS1_VERSION, 0, sctx,
cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_num_tickets(*sctx, idx))
|| !TEST_true(SSL_CTX_set_session_id_context(*sctx,
@@ -1644,7 +1641,7 @@ static int test_psk_tickets(void)
int sess_id_ctx = 1;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION, &sctx,
+ TLS1_VERSION, 0, &sctx,
&cctx, NULL, NULL))
|| !TEST_true(SSL_CTX_set_session_id_context(sctx,
(void *)&sess_id_ctx,
@@ -1770,7 +1767,7 @@ static int test_ssl_set_bio(int idx)
}
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
@@ -1995,7 +1992,7 @@ static int test_set_sigalgs(int idx)
: &testsigalgs[idx - OSSL_NELEM(testsigalgs)];
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
@@ -2235,7 +2232,7 @@ static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
if (*sctx == NULL
&& !TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
sctx, cctx, cert, privkey)))
return 0;
@@ -2561,7 +2558,7 @@ static int test_early_data_replay_int(int idx, int usecb, int confopt)
allow_ed_cb_called = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION, &sctx,
+ TLS1_VERSION, 0, &sctx,
&cctx, cert, privkey)))
return 0;
@@ -3286,7 +3283,7 @@ static int test_set_ciphersuite(int idx)
int testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_ciphersuites(sctx,
"TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256")))
@@ -3356,7 +3353,7 @@ static int test_ciphersuite_change(void)
/* Create a session based on SHA-256 */
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_ciphersuites(cctx,
"TLS_AES_128_GCM_SHA256"))
@@ -3496,7 +3493,7 @@ static int test_tls13_psk(int idx)
int testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, idx == 3 ? NULL : cert,
idx == 3 ? NULL : privkey)))
goto end;
@@ -3744,7 +3741,7 @@ static int test_stateless(void)
int testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
@@ -3968,13 +3965,13 @@ static int test_custom_exts(int tst)
snicb = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
if (tst == 2
&& !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL,
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx2, NULL, cert, privkey)))
goto end;
@@ -4254,7 +4251,7 @@ static int test_export_key_mat(int tst)
return 1;
#endif
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
@@ -4452,7 +4449,7 @@ static int test_ssl_clear(int idx)
/* Create an initial connection */
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey))
|| (idx == 1
&& !TEST_true(SSL_CTX_set_max_proto_version(cctx,
@@ -4608,7 +4605,7 @@ static int test_pha_key_update(void)
int testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
@@ -4831,7 +4828,7 @@ static int test_srp(int tst)
}
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
@@ -5160,14 +5157,14 @@ static int test_ssl_pending(int tst)
if (tst == 0) {
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
} else {
#ifndef OPENSSL_NO_DTLS
if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
DTLS_client_method(),
- DTLS1_VERSION, DTLS_MAX_VERSION,
+ DTLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
#else
diff --git a/test/sslbuffertest.c b/test/sslbuffertest.c
index 0870bb7..0ee7bdb 100644
--- a/test/sslbuffertest.c
+++ b/test/sslbuffertest.c
@@ -166,7 +166,7 @@ int setup_tests(void)
return 0;
if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&serverctx, &clientctx, cert, pkey)) {
TEST_error("Failed to create SSL_CTX pair\n");
return 0;
diff --git a/test/sslcorrupttest.c b/test/sslcorrupttest.c
index 2c19809..1ca899d 100644
--- a/test/sslcorrupttest.c
+++ b/test/sslcorrupttest.c
@@ -194,7 +194,7 @@ static int test_ssl_corrupt(int testidx)
TEST_info("Starting #%d, %s", testidx, cipher_list[testidx]);
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
diff --git a/test/ssltest_old.c b/test/ssltest_old.c
index f196624..f26bf85 100644
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -1331,8 +1331,8 @@ int main(int argc, char *argv[])
min_version = TLS1_2_VERSION;
max_version = TLS1_2_VERSION;
} else {
- min_version = SSL3_VERSION;
- max_version = TLS_MAX_VERSION;
+ min_version = 0;
+ max_version = 0;
}
#endif
#ifndef OPENSSL_NO_DTLS
@@ -1345,8 +1345,8 @@ int main(int argc, char *argv[])
min_version = DTLS1_2_VERSION;
max_version = DTLS1_2_VERSION;
} else {
- min_version = DTLS_MIN_VERSION;
- max_version = DTLS_MAX_VERSION;
+ min_version = 0;
+ max_version = 0;
}
}
#endif
diff --git a/test/tls13ccstest.c b/test/tls13ccstest.c
index 7609f0c..521a992 100644
--- a/test/tls13ccstest.c
+++ b/test/tls13ccstest.c
@@ -255,7 +255,7 @@ static int test_tls13ccs(int tst)
chsessidlen = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_max_early_data(sctx,
SSL3_RT_MAX_PLAIN_LENGTH)))
More information about the openssl-commits
mailing list