Commit b402b77d authored by Richard Levitte's avatar Richard Levitte

Enhance ssltestlib's create_ssl_ctx_pair to take min and max proto version



Have all test programs using that function specify those versions.
Additionally, have the remaining test programs that use SSL_CTX_new
directly specify at least the maximum protocol version.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5662)
parent b4ea929d
+1 −0
@@ -255,6 +255,7 @@ int main(int argc, char *argv[])
    }

    if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
                             TLS1_VERSION, TLS_MAX_VERSION,
                             &serverctx, &clientctx, argv[1], argv[2])) {
        printf("Failed to create SSL_CTX pair\n");
        goto end;
+4 −2
@@ -31,8 +31,8 @@

int main(int argc, char *argv[])
{
    SSL_CTX *ctx;
    SSL *con;
    SSL_CTX *ctx = NULL;
    SSL *con = NULL;
    BIO *rbio;
    BIO *wbio;
    BIO *err;
@@ -56,6 +56,8 @@ int main(int argc, char *argv[])
    for (; currtest < TOTAL_NUM_TESTS; currtest++) {
        testresult = 0;
        ctx = SSL_CTX_new(TLS_method());
        if (!SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION))
            goto end;
        con = SSL_new(ctx);

        rbio = BIO_new(BIO_s_mem());
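Review bot: In the loop hunk, `ctx` goes straight from `SSL_CTX_new(TLS_method())` into `SSL_CTX_set_max_proto_version` with no NULL check, and the new `goto end;` leaves without any diagnostic, so an allocation failure and a rejected version bound look the same. Folding both into one guard, `if (ctx == NULL || !SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION))`, with a message printed before `goto end;`, would make the failure readable. The cap at `TLS1_2_VERSION` also needs a one-line comment stating why this test must not negotiate a newer version, since the hunk gives no reason. The rest of the loop and the `end:` label are outside the hunk, so whether `con` and `ctx` are reset to NULL between iterations (which matters now that `goto end` can fire on a later pass) cannot be confirmed from here.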
+3 −2
@@ -49,8 +49,9 @@ static int test_dtls_unprocessed(int testidx)

    printf("Starting Test %d\n", testidx);

    if (!create_ssl_ctx_pair(DTLS_server_method(), DTLS_client_method(), &sctx,
                             &cctx, cert, privkey)) {
    if (!create_ssl_ctx_pair(DTLS_server_method(), DTLS_client_method(),
                             DTLS1_VERSION, DTLS_MAX_VERSION, &sctx, &cctx,
                             cert, privkey)) {
        printf("Unable to create SSL_CTX pair\n");
        return 0;
    }
+2 −1
@@ -28,7 +28,8 @@ static int test_fatalerr(void)
        0x17, 0x03, 0x03, 0x00, 0x05, 'D', 'u', 'm', 'm', 'y'
    };

    if (!create_ssl_ctx_pair(SSLv23_method(), SSLv23_method(), &sctx, &cctx,
    if (!create_ssl_ctx_pair(SSLv23_method(), SSLv23_method(),
                             SSL3_VERSION, TLS_MAX_VERSION, &sctx, &cctx,
                             cert, privkey)) {
        printf("Failed to create SSL_CTX pair\n");
        goto err;
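Review bot: The minimum passed to `create_ssl_ctx_pair` in test_fatalerr is `SSL3_VERSION`, whereas the other TLS caller in this commit uses `TLS1_VERSION`, and nothing in the hunk says why this test needs the SSLv3 floor. If the intent is only to keep the earlier no-minimum behaviour, say so in a comment such as `/* SSL3_VERSION: keep the widest range, as before this change */`; otherwise `TLS1_VERSION` would match the TLS 1.2 record header (`0x03, 0x03`) in the dummy record above. `SSLv23_method()` is the legacy name for `TLS_method()`, so the call could use `TLS_server_method(), TLS_client_method()` while the line is being touched. The body of test_fatalerr continues outside the hunk.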
+12 −0
@@ -249,15 +249,21 @@ static int execute_test(SSL_TEST_FIXTURE fixture)
#ifndef OPENSSL_NO_DTLS
    if (test_ctx->method == SSL_TEST_METHOD_DTLS) {
        server_ctx = SSL_CTX_new(DTLS_server_method());
        TEST_check(SSL_CTX_set_max_proto_version(server_ctx, DTLS_MAX_VERSION));
        if (test_ctx->extra.server.servername_callback !=
            SSL_TEST_SERVERNAME_CB_NONE) {
            server2_ctx = SSL_CTX_new(DTLS_server_method());
            TEST_check(server2_ctx != NULL);
        }
        client_ctx = SSL_CTX_new(DTLS_client_method());
        TEST_check(SSL_CTX_set_max_proto_version(client_ctx, DTLS_MAX_VERSION));
        if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
            resume_server_ctx = SSL_CTX_new(DTLS_server_method());
            TEST_check(SSL_CTX_set_max_proto_version(resume_server_ctx,
                                                     DTLS_MAX_VERSION));
            resume_client_ctx = SSL_CTX_new(DTLS_client_method());
            TEST_check(SSL_CTX_set_max_proto_version(resume_client_ctx,
                                                     DTLS_MAX_VERSION));
            TEST_check(resume_server_ctx != NULL);
            TEST_check(resume_client_ctx != NULL);
        }
@@ -265,6 +271,7 @@ static int execute_test(SSL_TEST_FIXTURE fixture)
#endif
    if (test_ctx->method == SSL_TEST_METHOD_TLS) {
        server_ctx = SSL_CTX_new(TLS_server_method());
        TEST_check(SSL_CTX_set_max_proto_version(server_ctx, TLS_MAX_VERSION));
        /* SNI on resumption isn't supported/tested yet. */
        if (test_ctx->extra.server.servername_callback !=
            SSL_TEST_SERVERNAME_CB_NONE) {
@@ -272,10 +279,15 @@ static int execute_test(SSL_TEST_FIXTURE fixture)
            TEST_check(server2_ctx != NULL);
        }
        client_ctx = SSL_CTX_new(TLS_client_method());
        TEST_check(SSL_CTX_set_max_proto_version(client_ctx, TLS_MAX_VERSION));

        if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
            resume_server_ctx = SSL_CTX_new(TLS_server_method());
            TEST_check(SSL_CTX_set_max_proto_version(resume_server_ctx,
                                                     TLS_MAX_VERSION));
            resume_client_ctx = SSL_CTX_new(TLS_client_method());
            TEST_check(SSL_CTX_set_max_proto_version(resume_client_ctx,
                                                     TLS_MAX_VERSION));
            TEST_check(resume_server_ctx != NULL);
            TEST_check(resume_client_ctx != NULL);
        }
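Review bot: `server2_ctx` is the one context in execute_test that never gets a maximum version: in the DTLS branch it is created and NULL-checked with no `SSL_CTX_set_max_proto_version` call, and in the TLS branch `TEST_check(server2_ctx != NULL);` is likewise not followed by one. Adding `TEST_check(SSL_CTX_set_max_proto_version(server2_ctx, DTLS_MAX_VERSION));` after the NULL check (and the `TLS_MAX_VERSION` form in the TLS branch) would keep the SNI-switched context on the same version range as `server_ctx`. For the resume contexts the new calls run before `TEST_check(resume_server_ctx != NULL);` and `TEST_check(resume_client_ctx != NULL);`, so an allocation failure surfaces as a version-setting failure; moving each NULL check directly after its `SSL_CTX_new` fixes the ordering. No NULL check on `server_ctx` or `client_ctx` is visible in these hunks, and execute_test continues outside them.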