From 5c587fb6b996d47771bcaecd71489e4849103f56 Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Sun, 9 Dec 2018 20:53:05 +0100 Subject: [PATCH] Use (D)TLS_MAX_VERSION_INTERNAL internally Use 0 if we don't want to set a minimum or maximum version Reviewed-by: Matt Caswell GH: #7260 --- ssl/d1_lib.c | 2 +- ssl/ssl_locl.h | 3 +++ ssl/statem/statem_clnt.c | 2 +- ssl/statem/statem_lib.c | 10 ++++---- ssl/t1_lib.c | 2 +- test/asynciotest.c | 2 +- test/clienthellotest.c | 2 +- test/dtlstest.c | 8 +++--- test/fatalerrtest.c | 2 +- test/gosttest.c | 2 +- test/recordlentest.c | 2 +- test/servername_test.c | 2 +- test/ssl_test.c | 27 +++++++------------- test/sslapitest.c | 55 +++++++++++++++++++--------------------- test/sslbuffertest.c | 2 +- test/sslcorrupttest.c | 2 +- test/ssltest_old.c | 8 +++--- test/tls13ccstest.c | 2 +- 18 files changed, 63 insertions(+), 72 deletions(-) diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 2da9ebbdcb..d3f681ba41 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -192,7 +192,7 @@ int dtls1_clear(SSL *s) return 0; if (s->method->version == DTLS_ANY_VERSION) - s->version = DTLS_MAX_VERSION; + s->version = DTLS_MAX_VERSION_INTERNAL; #ifndef OPENSSL_NO_DTLS1_METHOD else if (s->options & SSL_OP_CISCO_ANYCONNECT) s->client_version = s->version = DTLS1_BAD_VER; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index c2e6474f86..2d68691a0f 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -131,6 +131,9 @@ (c)[1]=(unsigned char)(((l)>> 8)&0xff), \ (c)[2]=(unsigned char)(((l) )&0xff)),(c)+=3) +# define TLS_MAX_VERSION_INTERNAL TLS1_3_VERSION +# define DTLS_MAX_VERSION_INTERNAL DTLS1_2_VERSION + /* * DTLS version numbers are strange because they're inverted. Except for * DTLS1_BAD_VER, which should be considered "lower" than the rest. diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index c1a572f355..3b6cbb76cd 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -163,7 +163,7 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt) return 1; } if (mt == SSL3_MT_CERTIFICATE_REQUEST) { -#if DTLS_MAX_VERSION != DTLS1_2_VERSION +#if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION # error TODO(DTLS1.3): Restore digest for PHA before adding message. #endif if (!SSL_IS_DTLS(s) && s->post_handshake_auth == SSL_PHA_EXT_SENT) { diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 9e68e05ccf..1a9aa41b99 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1417,7 +1417,7 @@ typedef struct { const SSL_METHOD *(*smeth) (void); } version_info; -#if TLS_MAX_VERSION != TLS1_3_VERSION +#if TLS_MAX_VERSION_INTERNAL != TLS1_3_VERSION # error Code needs update for TLS_method() support beyond TLS1_3_VERSION. #endif @@ -1451,7 +1451,7 @@ static const version_info tls_version_table[] = { {0, NULL, NULL}, }; -#if DTLS_MAX_VERSION != DTLS1_2_VERSION +#if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION # error Code needs update for DTLS_method() support beyond DTLS1_2_VERSION. #endif @@ -1684,12 +1684,12 @@ int ssl_set_version_bound(int method_version, int version, int *bound) return 0; case TLS_ANY_VERSION: - if (version < SSL3_VERSION || version > TLS_MAX_VERSION) + if (version < SSL3_VERSION || version > TLS_MAX_VERSION_INTERNAL) return 0; break; case DTLS_ANY_VERSION: - if (DTLS_VERSION_GT(version, DTLS_MAX_VERSION) || + if (DTLS_VERSION_GT(version, DTLS_MAX_VERSION_INTERNAL) || DTLS_VERSION_LT(version, DTLS1_BAD_VER)) return 0; break; @@ -1735,7 +1735,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) * With version-flexible methods we have an initial state with: * * s->method->version == (D)TLS_ANY_VERSION, - * s->version == (D)TLS_MAX_VERSION. + * s->version == (D)TLS_MAX_VERSION_INTERNAL. * * So we detect version-flexible methods via the method version, not the * handle version. diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index ee2278c6f8..5dc645ad5e 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -121,7 +121,7 @@ int tls1_clear(SSL *s) return 0; if (s->method->version == TLS_ANY_VERSION) - s->version = TLS_MAX_VERSION; + s->version = TLS_MAX_VERSION_INTERNAL; else s->version = s->method->version; diff --git a/test/asynciotest.c b/test/asynciotest.c index db9f218201..1085b4af22 100644 --- a/test/asynciotest.c +++ b/test/asynciotest.c @@ -297,7 +297,7 @@ static int test_asyncio(int test) char buf[sizeof(testdata)]; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &serverctx, &clientctx, cert, privkey))) goto end; diff --git a/test/clienthellotest.c b/test/clienthellotest.c index 2343145b87..6c7783158f 100644 --- a/test/clienthellotest.c +++ b/test/clienthellotest.c @@ -78,7 +78,7 @@ static int test_client_hello(int currtest) ctx = SSL_CTX_new(TLS_method()); if (!TEST_ptr(ctx)) goto end; - if (!TEST_true(SSL_CTX_set_max_proto_version(ctx, TLS_MAX_VERSION))) + if (!TEST_true(SSL_CTX_set_max_proto_version(ctx, 0))) goto end; switch(currtest) { diff --git a/test/dtlstest.c b/test/dtlstest.c index 62aa856761..0b048869d6 100644 --- a/test/dtlstest.c +++ b/test/dtlstest.c @@ -63,7 +63,7 @@ static int test_dtls_unprocessed(int testidx) if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(), DTLS_client_method(), - DTLS1_VERSION, DTLS_MAX_VERSION, + DTLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) return 0; @@ -154,7 +154,7 @@ static int test_dtls_drop_records(int idx) if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(), DTLS_client_method(), - DTLS1_VERSION, DTLS_MAX_VERSION, + DTLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) return 0; @@ -265,7 +265,7 @@ static int test_cookie(void) if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(), DTLS_client_method(), - DTLS1_VERSION, DTLS_MAX_VERSION, + DTLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) return 0; @@ -297,7 +297,7 @@ static int test_dtls_duplicate_records(void) if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(), DTLS_client_method(), - DTLS1_VERSION, DTLS_MAX_VERSION, + DTLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) return 0; diff --git a/test/fatalerrtest.c b/test/fatalerrtest.c index 280eed2629..329191449d 100644 --- a/test/fatalerrtest.c +++ b/test/fatalerrtest.c @@ -29,7 +29,7 @@ static int test_fatalerr(void) }; if (!TEST_true(create_ssl_ctx_pair(TLS_method(), TLS_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) goto err; diff --git a/test/gosttest.c b/test/gosttest.c index 26e435d667..398effa0a3 100644 --- a/test/gosttest.c +++ b/test/gosttest.c @@ -41,7 +41,7 @@ static int test_tls13(int idx) if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), TLS1_VERSION, - TLS_MAX_VERSION, + 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, diff --git a/test/recordlentest.c b/test/recordlentest.c index 5dc878b377..a73e443684 100644 --- a/test/recordlentest.c +++ b/test/recordlentest.c @@ -103,7 +103,7 @@ static int test_record_overflow(int idx) ERR_clear_error(); if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) goto end; diff --git a/test/servername_test.c b/test/servername_test.c index bad29ec99c..0614d4bf8c 100644 --- a/test/servername_test.c +++ b/test/servername_test.c @@ -186,7 +186,7 @@ static int server_setup_sni(void) if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey)) || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL))) diff --git a/test/ssl_test.c b/test/ssl_test.c index 16cb72507d..4f82bf7256 100644 --- a/test/ssl_test.c +++ b/test/ssl_test.c @@ -406,8 +406,7 @@ static int test_handshake(int idx) #ifndef OPENSSL_NO_DTLS if (test_ctx->method == SSL_TEST_METHOD_DTLS) { server_ctx = SSL_CTX_new(DTLS_server_method()); - if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, - DTLS_MAX_VERSION))) + if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0))) goto err; if (test_ctx->extra.server.servername_callback != SSL_TEST_SERVERNAME_CB_NONE) { @@ -415,17 +414,14 @@ static int test_handshake(int idx) goto err; } client_ctx = SSL_CTX_new(DTLS_client_method()); - if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, - DTLS_MAX_VERSION))) + if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, 0))) goto err; if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { resume_server_ctx = SSL_CTX_new(DTLS_server_method()); - if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, - DTLS_MAX_VERSION))) + if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, 0))) goto err; resume_client_ctx = SSL_CTX_new(DTLS_client_method()); - if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, - DTLS_MAX_VERSION))) + if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, 0))) goto err; if (!TEST_ptr(resume_server_ctx) || !TEST_ptr(resume_client_ctx)) @@ -435,31 +431,26 @@ static int test_handshake(int idx) #endif if (test_ctx->method == SSL_TEST_METHOD_TLS) { server_ctx = SSL_CTX_new(TLS_server_method()); - if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, - TLS_MAX_VERSION))) + if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0))) goto err; /* SNI on resumption isn't supported/tested yet. */ if (test_ctx->extra.server.servername_callback != SSL_TEST_SERVERNAME_CB_NONE) { if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method()))) goto err; - if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx, - TLS_MAX_VERSION))) + if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx, 0))) goto err; } client_ctx = SSL_CTX_new(TLS_client_method()); - if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, - TLS_MAX_VERSION))) + if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, 0))) goto err; if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { resume_server_ctx = SSL_CTX_new(TLS_server_method()); - if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, - TLS_MAX_VERSION))) + if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, 0))) goto err; resume_client_ctx = SSL_CTX_new(TLS_client_method()); - if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, - TLS_MAX_VERSION))) + if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, 0))) goto err; if (!TEST_ptr(resume_server_ctx) || !TEST_ptr(resume_client_ctx)) diff --git a/test/sslapitest.c b/test/sslapitest.c index fb70562bb6..d52380c285 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -317,7 +317,7 @@ static int test_keylog(void) if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) return 0; @@ -399,7 +399,7 @@ static int test_keylog_no_master_key(void) error_writing_log = 0; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey)) || !TEST_true(SSL_CTX_set_max_early_data(sctx, SSL3_RT_MAX_PLAIN_LENGTH))) @@ -545,7 +545,7 @@ static int test_client_hello_cb(void) int testctr = 0, testresult = 0; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) goto end; SSL_CTX_set_client_hello_cb(sctx, full_client_hello_callback, &testctr); @@ -846,15 +846,13 @@ static int test_ktls_no_client_no_server(void) static int test_large_message_tls(void) { return execute_test_large_message(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, - 0); + TLS1_VERSION, 0, 0); } static int test_large_message_tls_read_ahead(void) { return execute_test_large_message(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, - 1); + TLS1_VERSION, 0, 1); } #ifndef OPENSSL_NO_DTLS @@ -866,8 +864,7 @@ static int test_large_message_dtls(void) */ return execute_test_large_message(DTLS_server_method(), DTLS_client_method(), - DTLS1_VERSION, DTLS_MAX_VERSION, - 0); + DTLS1_VERSION, 0, 0); } #endif @@ -927,7 +924,7 @@ static int test_tlsext_status_type(void) BIO *certbio = NULL; if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey)) return 0; @@ -1096,7 +1093,7 @@ static int execute_test_session(int maxprot, int use_int_cache, numnewsesstick = 2; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) return 0; @@ -1444,7 +1441,7 @@ static int setup_ticket_test(int stateful, int idx, SSL_CTX **sctx, int sess_id_ctx = 1; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, sctx, + TLS1_VERSION, 0, sctx, cctx, cert, privkey)) || !TEST_true(SSL_CTX_set_num_tickets(*sctx, idx)) || !TEST_true(SSL_CTX_set_session_id_context(*sctx, @@ -1644,7 +1641,7 @@ static int test_psk_tickets(void) int sess_id_ctx = 1; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, &sctx, + TLS1_VERSION, 0, &sctx, &cctx, NULL, NULL)) || !TEST_true(SSL_CTX_set_session_id_context(sctx, (void *)&sess_id_ctx, @@ -1770,7 +1767,7 @@ static int test_ssl_set_bio(int idx) } if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) goto end; @@ -1995,7 +1992,7 @@ static int test_set_sigalgs(int idx) : &testsigalgs[idx - OSSL_NELEM(testsigalgs)]; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) return 0; @@ -2235,7 +2232,7 @@ static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl, if (*sctx == NULL && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, sctx, cctx, cert, privkey))) return 0; @@ -2561,7 +2558,7 @@ static int test_early_data_replay_int(int idx, int usecb, int confopt) allow_ed_cb_called = 0; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, &sctx, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) return 0; @@ -3286,7 +3283,7 @@ static int test_set_ciphersuite(int idx) int testresult = 0; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey)) || !TEST_true(SSL_CTX_set_ciphersuites(sctx, "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256"))) @@ -3356,7 +3353,7 @@ static int test_ciphersuite_change(void) /* Create a session based on SHA-256 */ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey)) || !TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")) @@ -3496,7 +3493,7 @@ static int test_tls13_psk(int idx) int testresult = 0; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, idx == 3 ? NULL : cert, idx == 3 ? NULL : privkey))) goto end; @@ -3744,7 +3741,7 @@ static int test_stateless(void) int testresult = 0; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) goto end; @@ -3968,13 +3965,13 @@ static int test_custom_exts(int tst) snicb = 0; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) goto end; if (tst == 2 && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL, - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx2, NULL, cert, privkey))) goto end; @@ -4254,7 +4251,7 @@ static int test_export_key_mat(int tst) return 1; #endif if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) goto end; @@ -4452,7 +4449,7 @@ static int test_ssl_clear(int idx) /* Create an initial connection */ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey)) || (idx == 1 && !TEST_true(SSL_CTX_set_max_proto_version(cctx, @@ -4608,7 +4605,7 @@ static int test_pha_key_update(void) int testresult = 0; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) return 0; @@ -4831,7 +4828,7 @@ static int test_srp(int tst) } if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) goto end; @@ -5160,14 +5157,14 @@ static int test_ssl_pending(int tst) if (tst == 0) { if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) goto end; } else { #ifndef OPENSSL_NO_DTLS if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(), DTLS_client_method(), - DTLS1_VERSION, DTLS_MAX_VERSION, + DTLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) goto end; #else diff --git a/test/sslbuffertest.c b/test/sslbuffertest.c index 0870bb70ba..0ee7bdbabf 100644 --- a/test/sslbuffertest.c +++ b/test/sslbuffertest.c @@ -166,7 +166,7 @@ int setup_tests(void) return 0; if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &serverctx, &clientctx, cert, pkey)) { TEST_error("Failed to create SSL_CTX pair\n"); return 0; diff --git a/test/sslcorrupttest.c b/test/sslcorrupttest.c index 2c198093ff..1ca899db88 100644 --- a/test/sslcorrupttest.c +++ b/test/sslcorrupttest.c @@ -194,7 +194,7 @@ static int test_ssl_corrupt(int testidx) TEST_info("Starting #%d, %s", testidx, cipher_list[testidx]); if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) return 0; diff --git a/test/ssltest_old.c b/test/ssltest_old.c index f1966242e0..f26bf85173 100644 --- a/test/ssltest_old.c +++ b/test/ssltest_old.c @@ -1331,8 +1331,8 @@ int main(int argc, char *argv[]) min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; } else { - min_version = SSL3_VERSION; - max_version = TLS_MAX_VERSION; + min_version = 0; + max_version = 0; } #endif #ifndef OPENSSL_NO_DTLS @@ -1345,8 +1345,8 @@ int main(int argc, char *argv[]) min_version = DTLS1_2_VERSION; max_version = DTLS1_2_VERSION; } else { - min_version = DTLS_MIN_VERSION; - max_version = DTLS_MAX_VERSION; + min_version = 0; + max_version = 0; } } #endif diff --git a/test/tls13ccstest.c b/test/tls13ccstest.c index 7609f0c456..521a992c1d 100644 --- a/test/tls13ccstest.c +++ b/test/tls13ccstest.c @@ -255,7 +255,7 @@ static int test_tls13ccs(int tst) chsessidlen = 0; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey)) || !TEST_true(SSL_CTX_set_max_early_data(sctx, SSL3_RT_MAX_PLAIN_LENGTH))) -- 2.34.1