Fix BoGo HelloVerifyRequest version handling.

3c6a1ea674 switched what layer handled
the DTLS version mapping but forgot to correct the HelloVerifyRequest
logic to account for this.

Thanks to Jed Davis for noticing this.

Change-Id: I94ea18fc43a7ba15dd7250bfbcf44dbb3361b3ce
Reviewed-on: https://boringssl-review.googlesource.com/11984
Reviewed-by: David Benjamin <davidben@google.com>
David Benjamin 2016-10-31 19:23:34 -04:00
parent 4e41926774
commit da4789e412
2 changed files with 2 additions and 2 deletions


@ -346,7 +346,7 @@ NextCipherSuite:
if c.isDTLS {
helloVerifyRequest, ok := msg.(*helloVerifyRequestMsg)
if ok {
if helloVerifyRequest.vers != VersionTLS10 {
if helloVerifyRequest.vers != versionToWire(VersionTLS10, c.isDTLS) {
// Per RFC 6347, the version field in
// HelloVerifyRequest SHOULD be always DTLS
// 1.0. Enforce this for testing purposes.
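Review bot: The second argument in `versionToWire(VersionTLS10, c.isDTLS)` is always true at this point, because the comparison sits inside the `if c.isDTLS {` branch, so the call reads as more general than it is. The same expected value is built separately on the server side in the second file of this commit, and those two copies falling out of step with the mapping layer is what this commit repairs. A single shared definition, for example a small helper whose doc comment says it returns the wire version RFC 6347 expects in HelloVerifyRequest, would keep the check and the sender tied together. The enclosing function starts before this hunk and continues after it, so how `msg` is parsed into `helloVerifyRequest.vers` is not visible here.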


@ -158,7 +158,7 @@ func (hs *serverHandshakeState) readClientHello() error {
// Per RFC 6347, the version field in HelloVerifyRequest SHOULD
// be always DTLS 1.0
helloVerifyRequest := &helloVerifyRequestMsg{
vers: VersionTLS10,
vers: versionToWire(VersionTLS10, c.isDTLS),
cookie: make([]byte, 32),
}
if _, err := io.ReadFull(c.config.rand(), helloVerifyRequest.cookie); err != nil {
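Review bot: The comment above the struct literal says the field should be DTLS 1.0, but the new line names `VersionTLS10`, and nothing at this spot says that `versionToWire` is what turns it into the DTLS value. I would extend the comment with one line such as `// versionToWire maps VersionTLS10 to the DTLS 1.0 wire version when c.isDTLS is set.`, assuming that is the mapping 3c6a1ea674 moved into this layer. readClientHello begins before this hunk and continues past it, so whether `c.isDTLS` is guaranteed true on this path cannot be confirmed from the visible lines.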