author | David Benjamin <davidben@google.com> | 2016-09-20 02:57:37 +0300 |
---|---|---|
committer | CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> | 2016-09-21 22:51:45 +0300 |
commit | 2dc0204603f777597e2f97662e42887d1af5013f (patch) | |
tree | 51be5e0d7c4e766c6a5d08bccaa7c961338d0c15 /tool/server.cc | |
parent | c027999c28db2f448ea5795798080f6a5aaa01d6 (diff) |
Don't return invalid versions in version_from_wire.
This is in preparation for using the supported_versions extension to
experiment with draft TLS 1.3 versions, since we don't wish to restore
the fallback. With versions being opaque values, we will want
version_from_wire to reject unknown values, not attempt to preserve
order in some way.
This means ClientHello.version processing needs to be separate code.
That's just written out fully in negotiate_version now. It also means
SSL_set_{min,max}_version will notice invalid inputs which aligns us
better with upstream's versions of those APIs.
This CL doesn't replace ssl->version with an internal-representation
version, though follow work should do it once a couple of changes land
in consumers.
BUG=90
Change-Id: Id2f5e1fa72847c823ee7f082e9e69f55e51ce9da
Reviewed-on: https://boringssl-review.googlesource.com/11122
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Diffstat (limited to 'tool/server.cc')
-rw-r--r-- | tool/server.cc | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/tool/server.cc b/tool/server.cc index e0aeb134..b4a4eb13 100644 --- a/tool/server.cc +++ b/tool/server.cc @@ -133,7 +133,9 @@ bool Server(const std::vector<std::string> &args) { args_map["-max-version"].c_str()); return false; } - SSL_CTX_set_max_version(ctx, version); + if (!SSL_CTX_set_max_version(ctx, version)) { + return false; + } } if (args_map.count("-min-version") != 0) { @@ -143,7 +145,9 @@ bool Server(const std::vector<std::string> &args) { args_map["-min-version"].c_str()); return false; } - SSL_CTX_set_min_version(ctx, version); + if (!SSL_CTX_set_min_version(ctx, version)) { + return false; + } } if (args_map.count("-ocsp-response") != 0 && |
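Review bot: The new `return false` paths after `SSL_CTX_set_max_version` and `SSL_CTX_set_min_version` exit without any diagnostic, so a user who passes a version that parses but is rejected by the setter gets a failed run with no hint of which flag caused it. The parse-failure branches just above each call pass `args_map["-max-version"].c_str()` and `args_map["-min-version"].c_str()` into what appears to be an error message before returning; the new branches should report the rejected value the same way, for example by writing the flag name and its value to stderr before `return false`. Since the commit message says the setters now notice invalid inputs, a short comment at one of the two call sites noting that the return value carries that validation would also help the next reader.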