This commit is contained in:
purplerain 2023-07-06 21:55:14 +00:00
parent f1b2576417
commit 2a351e0cdc
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
347 changed files with 9596 additions and 5486 deletions

View file

@ -1,11 +1,11 @@
# $OpenBSD: Makefile,v 1.51 2022/11/05 21:58:24 jsing Exp $
# $OpenBSD: Makefile,v 1.52 2023/07/02 17:21:32 beck Exp $
SUBDIR += api
SUBDIR += asn1
SUBDIR += buffer
SUBDIR += bytestring
SUBDIR += ciphers
SUBDIR += client
#SUBDIR += client
SUBDIR += dtls
SUBDIR += exporter
SUBDIR += handshake
@ -13,7 +13,7 @@ SUBDIR += pqueue
SUBDIR += quic
SUBDIR += record
SUBDIR += record_layer
SUBDIR += server
#SUBDIR += server
SUBDIR += ssl
SUBDIR += tls
SUBDIR += tlsext

View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.6 2023/04/19 15:34:23 tb Exp $
# $OpenBSD: Makefile,v 1.7 2023/07/02 17:21:32 beck Exp $
# Connect a client to a server. Both can be current libressl, or
# openssl 1.1 or openssl 3.0. Pin client or server to a fixed TLS
@ -14,7 +14,7 @@ LIBRARIES += openssl11
LIBRARIES += openssl30
.endif
VERSIONS = any TLS1 TLS1_1 TLS1_2 TLS1_3
VERSIONS = any TLS1_2 TLS1_3
.for cver in ${VERSIONS}
.for sver in ${VERSIONS}

View file

@ -1,4 +1,4 @@
/* $OpenBSD: ssltest.c,v 1.39 2023/04/15 16:50:05 tb Exp $ */
/* $OpenBSD: ssltest.c,v 1.41 2023/07/04 08:47:01 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -254,6 +254,7 @@ cb_server_alpn(SSL *s, const unsigned char **out, unsigned char *outlen,
* Make a copy of the selected protocol which will be freed in
* verify_alpn.
*/
free(alpn_selected);
if ((alpn_selected = malloc(*outlen)) == NULL) {
fprintf(stderr, "malloc failed\n");
abort();
@ -336,7 +337,7 @@ sv_usage(void)
fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
fprintf(stderr, " -no_dhe - disable DHE\n");
fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
fprintf(stderr, " -dtls1 - use DTLSv1\n");
fprintf(stderr, " -dtls1_2 - use DTLSv1.2\n");
fprintf(stderr, " -tls1 - use TLSv1\n");
fprintf(stderr, " -tls1_2 - use TLSv1.2\n");
fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
@ -409,7 +410,7 @@ main(int argc, char *argv[])
int badop = 0;
int bio_pair = 0;
int force = 0;
int tls1 = 0, tls1_2 = 0, dtls1 = 0, ret = 1;
int tls1 = 0, tls1_2 = 0, dtls1_2 = 0, ret = 1;
int client_auth = 0;
int server_auth = 0, i;
char *app_verify_arg = "Test Callback Argument";
@ -464,8 +465,8 @@ main(int argc, char *argv[])
no_dhe = 1;
else if (strcmp(*argv, "-no_ecdhe") == 0)
no_ecdhe = 1;
else if (strcmp(*argv, "-dtls1") == 0)
dtls1 = 1;
else if (strcmp(*argv, "-dtls1_2") == 0)
dtls1_2 = 1;
else if (strcmp(*argv, "-tls1") == 0)
tls1 = 1;
else if (strcmp(*argv, "-tls1_2") == 0)
@ -565,7 +566,7 @@ bad:
goto end;
}
if (!dtls1 && !tls1 && !tls1_2 && number > 1 && !reuse && !force) {
if (!dtls1_2 && !tls1 && !tls1_2 && number > 1 && !reuse && !force) {
fprintf(stderr,
"This case cannot work. Use -f to perform "
"the test anyway (and\n-d to see what happens), "
@ -588,8 +589,8 @@ bad:
SSL_library_init();
SSL_load_error_strings();
if (dtls1)
meth = DTLSv1_method();
if (dtls1_2)
meth = DTLSv1_2_method();
else if (tls1)
meth = TLSv1_method();
else if (tls1_2)

View file

@ -95,8 +95,7 @@ done
if $openssl no-dh; then
echo skipping anonymous DH tests
else
echo test tls1 with 1024bit anonymous DH, multiple handshakes
$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
echo skipping tls1 tests.
fi
#if $openssl no-rsa; then
@ -117,17 +116,16 @@ fi
# DTLS tests
#
echo test dtlsv1
$ssltest -dtls1 $extra || exit 1
$ssltest -dtls1_2 $extra || exit 1
echo test dtlsv1 with server authentication
$ssltest -dtls1 -server_auth $CA $extra || exit 1
echo test dtlsv1_2 with server authentication
$ssltest -dtls1_2 -server_auth $CA $extra || exit 1
echo test dtlsv1 with client authentication
$ssltest -dtls1 -client_auth $CA $extra || exit 1
echo test dtlsv1_2 with client authentication
$ssltest -dtls1_2 -client_auth $CA $extra || exit 1
echo test dtlsv1 with both client and server authentication
$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
echo test dtlsv1_2 with both client and server authentication
$ssltest -dtls1_2 -server_auth -client_auth $CA $extra || exit 1
echo "Testing DTLS ciphersuites"
for protocol in SSLv3; do
@ -136,7 +134,7 @@ for protocol in SSLv3; do
awk "/ $protocol / { print \\$1 }" |
grep -v RC4`; do
echo "Testing $cipher"
$ssltest -cipher $cipher -dtls1
$ssltest -cipher $cipher -dtls1_2
if [ $? -ne 0 ] ; then
echo "Failed $cipher"
exit 1
@ -148,17 +146,17 @@ done
# ALPN tests
#
echo "Testing ALPN..."
$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server bar || exit 1
$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server foo \
$ssltest -bio_pair -alpn_client foo -alpn_server bar || exit 1
$ssltest -bio_pair -alpn_client foo -alpn_server foo \
-alpn_expected foo || exit 1
$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo \
$ssltest -bio_pair -alpn_client foo,bar -alpn_server foo \
-alpn_expected foo || exit 1
$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo \
$ssltest -bio_pair -alpn_client bar,foo -alpn_server foo \
-alpn_expected foo || exit 1
$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar \
$ssltest -bio_pair -alpn_client bar,foo -alpn_server foo,bar \
-alpn_expected foo || exit 1
$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo \
$ssltest -bio_pair -alpn_client bar,foo -alpn_server bar,foo \
-alpn_expected bar || exit 1
$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo \
$ssltest -bio_pair -alpn_client foo,bar -alpn_server bar,foo \
-alpn_expected bar || exit 1
$ssltest -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo || exit 1
$ssltest -bio_pair -alpn_client baz -alpn_server bar,foo || exit 1

View file

@ -1,4 +1,4 @@
/* $OpenBSD: tlstest.c,v 1.1 2021/10/23 14:34:10 jsing Exp $ */
/* $OpenBSD: tlstest.c,v 1.2 2023/07/02 17:21:33 beck Exp $ */
/*
* Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
*
@ -244,14 +244,6 @@ static const struct tls_test tls_tests[] = {
.desc = "Default client and TLSv1.2 server",
.server_max_version = TLS1_2_VERSION,
},
{
.desc = "Default client and TLSv1.1 server",
.server_max_version = TLS1_1_VERSION,
},
{
.desc = "Default client and TLSv1.0 server",
.server_max_version = TLS1_VERSION,
},
{
.desc = "Default client and default server with ECDHE KEX",
.server_ciphers = "ECDHE-RSA-AES128-SHA",
@ -261,16 +253,6 @@ static const struct tls_test tls_tests[] = {
.server_max_version = TLS1_2_VERSION,
.server_ciphers = "ECDHE-RSA-AES128-SHA",
},
{
.desc = "Default client and TLSv1.1 server with ECDHE KEX",
.server_max_version = TLS1_1_VERSION,
.server_ciphers = "ECDHE-RSA-AES128-SHA",
},
{
.desc = "Default client and TLSv1.0 server with ECDHE KEX",
.server_max_version = TLS1_VERSION,
.server_ciphers = "ECDHE-RSA-AES128-SHA",
},
{
.desc = "Default client and default server with DHE KEX",
.server_ciphers = "DHE-RSA-AES128-SHA",
@ -280,16 +262,6 @@ static const struct tls_test tls_tests[] = {
.server_max_version = TLS1_2_VERSION,
.server_ciphers = "DHE-RSA-AES128-SHA",
},
{
.desc = "Default client and TLSv1.1 server with DHE KEX",
.server_max_version = TLS1_1_VERSION,
.server_ciphers = "DHE-RSA-AES128-SHA",
},
{
.desc = "Default client and TLSv1.0 server with DHE KEX",
.server_max_version = TLS1_VERSION,
.server_ciphers = "DHE-RSA-AES128-SHA",
},
{
.desc = "Default client and default server with RSA KEX",
.server_ciphers = "AES128-SHA",
@ -299,73 +271,25 @@ static const struct tls_test tls_tests[] = {
.server_max_version = TLS1_2_VERSION,
.server_ciphers = "AES128-SHA",
},
{
.desc = "Default client and TLSv1.1 server with RSA KEX",
.server_max_version = TLS1_1_VERSION,
.server_ciphers = "AES128-SHA",
},
{
.desc = "Default client and TLSv1.0 server with RSA KEX",
.server_max_version = TLS1_VERSION,
.server_ciphers = "AES128-SHA",
},
{
.desc = "TLSv1.2 client and default server",
.client_max_version = TLS1_2_VERSION,
},
{
.desc = "TLSv1.1 client and default server",
.client_max_version = TLS1_1_VERSION,
},
{
.desc = "TLSv1.0 client and default server",
.client_max_version = TLS1_VERSION,
},
{
.desc = "TLSv1.2 client and default server with ECDHE KEX",
.client_max_version = TLS1_2_VERSION,
.client_ciphers = "ECDHE-RSA-AES128-SHA",
},
{
.desc = "TLSv1.1 client and default server with ECDHE KEX",
.client_max_version = TLS1_1_VERSION,
.client_ciphers = "ECDHE-RSA-AES128-SHA",
},
{
.desc = "TLSv1.0 client and default server with ECDHE KEX",
.client_max_version = TLS1_VERSION,
.client_ciphers = "ECDHE-RSA-AES128-SHA",
},
{
.desc = "TLSv1.2 client and default server with DHE KEX",
.server_max_version = TLS1_2_VERSION,
.client_ciphers = "DHE-RSA-AES128-SHA",
},
{
.desc = "TLSv1.1 client and default server with DHE KEX",
.client_max_version = TLS1_1_VERSION,
.client_ciphers = "DHE-RSA-AES128-SHA",
},
{
.desc = "TLSv1.0 client and default server with DHE KEX",
.client_max_version = TLS1_VERSION,
.client_ciphers = "DHE-RSA-AES128-SHA",
},
{
.desc = "TLSv1.2 client and default server with RSA KEX",
.client_max_version = TLS1_2_VERSION,
.client_ciphers = "AES128-SHA",
},
{
.desc = "TLSv1.1 client and default server with RSA KEX",
.client_max_version = TLS1_1_VERSION,
.client_ciphers = "AES128-SHA",
},
{
.desc = "TLSv1.0 client and default server with RSA KEX",
.client_max_version = TLS1_VERSION,
.client_ciphers = "AES128-SHA",
},
};
#define N_TLS_TESTS (sizeof(tls_tests) / sizeof(*tls_tests))

View file

@ -1,4 +1,4 @@
/* $OpenBSD: tlsexttest.c,v 1.81 2023/04/27 10:53:58 tb Exp $ */
/* $OpenBSD: tlsexttest.c,v 1.82 2023/07/05 17:30:14 tb Exp $ */
/*
* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@ -1774,8 +1774,11 @@ static const unsigned char tlsext_sni_client[] = {
0x6c, 0x2e, 0x6f, 0x72, 0x67,
};
/* An empty array is an incomplete type and sizeof() is undefined. */
static const unsigned char tlsext_sni_server[] = {
0x00,
};
static size_t tlsext_sni_server_len = 0;
static int
test_tlsext_sni_client(void)
@ -1973,9 +1976,9 @@ test_tlsext_sni_server(void)
if (!CBB_finish(&cbb, &data, &dlen))
errx(1, "failed to finish CBB");
if (dlen != sizeof(tlsext_sni_server)) {
if (dlen != tlsext_sni_server_len) {
FAIL("got server SNI with length %zu, "
"want length %zu\n", dlen, sizeof(tlsext_sni_server));
"want length %zu\n", dlen, tlsext_sni_server_len);
goto err;
}
@ -1984,14 +1987,14 @@ test_tlsext_sni_server(void)
fprintf(stderr, "received:\n");
hexdump(data, dlen);
fprintf(stderr, "test data:\n");
hexdump(tlsext_sni_server, sizeof(tlsext_sni_server));
hexdump(tlsext_sni_server, tlsext_sni_server_len);
goto err;
}
free(ssl->session->tlsext_hostname);
ssl->session->tlsext_hostname = NULL;
CBS_init(&cbs, tlsext_sni_server, sizeof(tlsext_sni_server));
CBS_init(&cbs, tlsext_sni_server, tlsext_sni_server_len);
if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
FAIL("failed to parse server SNI\n");
goto err;
@ -3186,7 +3189,7 @@ test_tlsext_srtp_server(void)
}
#endif /* OPENSSL_NO_SRTP */
unsigned char tlsext_clienthello_default[] = {
static const unsigned char tlsext_clienthello_default[] = {
0x00, 0x34, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d,
0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23,
@ -3196,7 +3199,11 @@ unsigned char tlsext_clienthello_default[] = {
0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
};
unsigned char tlsext_clienthello_disabled[] = {};
/* An empty array is an incomplete type and sizeof() is undefined. */
static const unsigned char tlsext_clienthello_disabled[] = {
0x00,
};
static size_t tlsext_clienthello_disabled_len = 0;
static int
test_tlsext_clienthello_build(void)
@ -3287,18 +3294,18 @@ test_tlsext_clienthello_build(void)
goto err;
}
if (dlen != sizeof(tlsext_clienthello_disabled)) {
if (dlen != tlsext_clienthello_disabled_len) {
FAIL("got clienthello extensions with length %zu, "
"want length %zu\n", dlen,
sizeof(tlsext_clienthello_disabled));
tlsext_clienthello_disabled_len);
compare_data(data, dlen, tlsext_clienthello_disabled,
sizeof(tlsext_clienthello_disabled));
tlsext_clienthello_disabled_len);
goto err;
}
if (memcmp(data, tlsext_clienthello_disabled, dlen) != 0) {
FAIL("clienthello extensions differs:\n");
compare_data(data, dlen, tlsext_clienthello_disabled,
sizeof(tlsext_clienthello_disabled));
tlsext_clienthello_disabled_len);
goto err;
}

View file

@ -1,4 +1,4 @@
# $OpenBSD: tlsfuzzer.py,v 1.49 2023/06/10 05:00:58 tb Exp $
# $OpenBSD: tlsfuzzer.py,v 1.50 2023/07/02 17:21:33 beck Exp $
#
# Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
#
@ -323,6 +323,8 @@ tls13_unsupported_tests = TestGroup("TLSv1.3 tests for unsupported features", [
tls12_exclude_legacy_protocols = [
# all these have BIO_read timeouts against TLSv1.3
"-e", "Protocol (3, 0)",
"-e", "Protocol (3, 1)",
"-e", "Protocol (3, 2)",
"-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
# the following only fail with TLSv1.3
"-e", "Protocol (3, 1) in SSLv2 compatible ClientHello",
@ -331,13 +333,20 @@ tls12_exclude_legacy_protocols = [
"-e", "Protocol (3, 1) with x448 group",
"-e", "Protocol (3, 2) with x448 group",
"-e", "Protocol (3, 3) with x448 group",
# These don't work without TLSv1.0 and TLSv1.1
"-e", "Protocol (3, 1) with secp256r1 group",
"-e", "Protocol (3, 1) with secp384r1 group",
"-e", "Protocol (3, 1) with secp521r1 group",
"-e", "Protocol (3, 1) with x25519 group",
"-e", "Protocol (3, 2) with secp256r1 group",
"-e", "Protocol (3, 2) with secp384r1 group",
"-e", "Protocol (3, 2) with secp521r1 group",
"-e", "Protocol (3, 2) with x25519 group",
]
tls12_tests = TestGroup("TLSv1.2 tests", [
# Tests that pass as they are.
Test("test-TLSv1_2-rejected-without-TLSv1_2.py"),
Test("test-aes-gcm-nonces.py"),
Test("test-chacha20.py"),
Test("test-connection-abort.py"),
Test("test-conversation.py"),
Test("test-cve-2016-2107.py"),
@ -386,13 +395,30 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
]
),
Test("test-dhe-key-share-random.py", tls12_exclude_legacy_protocols),
Test("test-export-ciphers-rejected.py", ["--min-ver", "TLSv1.0"]),
Test("test-export-ciphers-rejected.py", ["--min-ver", "TLSv1.2"]),
Test(
"test-downgrade-protection.py",
tls12_args = ["--server-max-protocol", "TLSv1.2"],
tls13_args = ["--server-max-protocol", "TLSv1.3"],
tls13_args = [
"--server-max-protocol", "TLSv1.3",
"-e", "TLS 1.3 downgrade check for Protocol (3, 1)",
"-e", "TLS 1.3 downgrade check for Protocol (3, 2)",
]
),
Test(
"test-fallback-scsv.py",
tls13_args = [
"--tls-1.3",
"-e", "FALLBACK - hello TLSv1.1 - pos 0",
"-e", "FALLBACK - hello TLSv1.1 - pos 1",
"-e", "FALLBACK - hello TLSv1.1 - pos 2",
"-e", "FALLBACK - record TLSv1.1 hello TLSv1.1 - pos 0",
"-e", "FALLBACK - record TLSv1.1 hello TLSv1.1 - pos 1",
"-e", "FALLBACK - record TLSv1.1 hello TLSv1.1 - pos 2",
"-e", "record TLSv1.1 hello TLSv1.1",
"-e", "sanity - TLSv1.1",
]
),
Test("test-fallback-scsv.py", tls13_args = ["--tls-1.3"] ),
Test("test-invalid-compression-methods.py", [
"-x", "invalid compression methods",
@ -412,6 +438,8 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
Test("test-sig-algs-renegotiation-resumption.py", ["--sig-algs-drop-ok"]),
Test("test-serverhello-random.py", args = tls12_exclude_legacy_protocols),
Test("test-chacha20.py", [ "-e", "Chacha20 in TLS1.1" ]),
])
tls12_slow_tests = TestGroup("slow TLSv1.2 tests", [
@ -549,6 +577,9 @@ tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [
# x448 tests need disabling plus x25519 corner cases need sorting out
Test("test-x25519.py"),
# Needs TLS 1.0 or 1.1
Test("test-TLSv1_2-rejected-without-TLSv1_2.py"),
])
tls12_unsupported_tests = TestGroup("TLSv1.2 for unsupported features", [

View file

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_versions.c,v 1.19 2022/11/26 16:08:57 tb Exp $ */
/* $OpenBSD: ssl_versions.c,v 1.20 2023/07/02 17:21:33 beck Exp $ */
/*
* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
*
@ -32,43 +32,43 @@ static struct version_range_test version_range_tests[] = {
.options = 0,
.minver = TLS1_VERSION,
.maxver = TLS1_3_VERSION,
.want_minver = TLS1_VERSION,
.want_minver = TLS1_2_VERSION,
.want_maxver = TLS1_3_VERSION,
},
{
.options = 0,
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.want_minver = TLS1_VERSION,
.want_minver = TLS1_2_VERSION,
.want_maxver = TLS1_2_VERSION,
},
{
.options = SSL_OP_NO_TLSv1,
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.want_minver = TLS1_1_VERSION,
.want_minver = TLS1_2_VERSION,
.want_maxver = TLS1_2_VERSION,
},
{
.options = SSL_OP_NO_TLSv1_3,
.minver = TLS1_VERSION,
.maxver = TLS1_3_VERSION,
.want_minver = TLS1_VERSION,
.want_minver = TLS1_2_VERSION,
.want_maxver = TLS1_2_VERSION,
},
{
.options = SSL_OP_NO_TLSv1_2,
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.want_minver = TLS1_VERSION,
.want_maxver = TLS1_1_VERSION,
.want_minver = 0,
.want_maxver = 0,
},
{
.options = SSL_OP_NO_TLSv1_1,
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.want_minver = TLS1_VERSION,
.want_maxver = TLS1_VERSION,
.want_minver = TLS1_2_VERSION,
.want_maxver = TLS1_2_VERSION,
},
{
.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
@ -81,15 +81,15 @@ static struct version_range_test version_range_tests[] = {
.options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.want_minver = TLS1_VERSION,
.want_maxver = TLS1_VERSION,
.want_minver = 0,
.want_maxver = 0,
},
{
.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2,
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.want_minver = TLS1_1_VERSION,
.want_maxver = TLS1_1_VERSION,
.want_minver = 0,
.want_maxver = 0,
},
{
.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
@ -119,14 +119,14 @@ static struct version_range_test version_range_tests[] = {
.options = 0,
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.want_minver = TLS1_VERSION,
.want_minver = TLS1_2_VERSION,
.want_maxver = TLS1_2_VERSION,
},
{
.options = 0,
.minver = TLS1_1_VERSION,
.maxver = TLS1_2_VERSION,
.want_minver = TLS1_1_VERSION,
.want_minver = TLS1_2_VERSION,
.want_maxver = TLS1_2_VERSION,
},
{
@ -140,14 +140,14 @@ static struct version_range_test version_range_tests[] = {
.options = 0,
.minver = TLS1_VERSION,
.maxver = TLS1_3_VERSION,
.want_minver = TLS1_VERSION,
.want_minver = TLS1_2_VERSION,
.want_maxver = TLS1_3_VERSION,
},
{
.options = 0,
.minver = TLS1_1_VERSION,
.maxver = TLS1_3_VERSION,
.want_minver = TLS1_1_VERSION,
.want_minver = TLS1_2_VERSION,
.want_maxver = TLS1_3_VERSION,
},
{
@ -168,15 +168,15 @@ static struct version_range_test version_range_tests[] = {
.options = 0,
.minver = TLS1_VERSION,
.maxver = TLS1_1_VERSION,
.want_minver = TLS1_VERSION,
.want_maxver = TLS1_1_VERSION,
.want_minver = 0,
.want_maxver = 0,
},
{
.options = 0,
.minver = TLS1_VERSION,
.maxver = TLS1_VERSION,
.want_minver = TLS1_VERSION,
.want_maxver = TLS1_VERSION,
.want_minver = 0,
.want_maxver = 0,
},
};
@ -276,7 +276,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.peerver = TLS1_VERSION,
.want_maxver = TLS1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = TLS_method,
@ -284,7 +284,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.peerver = TLS1_1_VERSION,
.want_maxver = TLS1_1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = TLS_method,
@ -316,7 +316,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.peerver = TLS1_2_VERSION,
.want_maxver = TLS1_1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = TLS_method,
@ -324,7 +324,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.peerver = TLS1_2_VERSION,
.want_maxver = TLS1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = TLS_method,
@ -340,7 +340,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.peerver = TLS1_1_VERSION,
.want_maxver = TLS1_1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = TLS_method,
@ -356,7 +356,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.peerver = TLS1_1_VERSION,
.want_maxver = TLS1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = TLS_method,
@ -372,7 +372,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_VERSION,
.maxver = TLS1_1_VERSION,
.peerver = TLS1_2_VERSION,
.want_maxver = TLS1_1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = TLS_method,
@ -380,7 +380,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_VERSION,
.maxver = TLS1_VERSION,
.peerver = TLS1_2_VERSION,
.want_maxver = TLS1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = TLSv1_method,
@ -388,7 +388,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.peerver = TLS1_VERSION,
.want_maxver = TLS1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = TLSv1_method,
@ -404,7 +404,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.peerver = TLS1_1_VERSION,
.want_maxver = TLS1_1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = DTLS_method,
@ -412,7 +412,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_1_VERSION,
.maxver = TLS1_2_VERSION,
.peerver = DTLS1_VERSION,
.want_maxver = DTLS1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = DTLS_method,
@ -436,7 +436,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_1_VERSION,
.maxver = TLS1_1_VERSION,
.peerver = DTLS1_2_VERSION,
.want_maxver = DTLS1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = DTLSv1_2_method,
@ -476,7 +476,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_1_VERSION,
.maxver = TLS1_2_VERSION,
.peerver = DTLS1_2_VERSION,
.want_maxver = DTLS1_VERSION,
.want_maxver = 0,
},
};