2dc0204603
This is in preparation for using the supported_versions extension to
experiment with draft TLS 1.3 versions, since we don't wish to restore
the fallback. With versions begin opaque values, we will want
version_from_wire to reject unknown values, not attempt to preserve
order in some way.
This means ClientHello.version processing needs to be separate code.
That's just written out fully in negotiate_version now. It also means
SSL_set_{min,max}_version will notice invalid inputs which aligns us
better with upstream's versions of those APIs.
This CL doesn't replace ssl->version with an internal-representation
version, though follow work should do it once a couple of changes land
in consumers.
BUG=90
Change-Id: Id2f5e1fa72847c823ee7f082e9e69f55e51ce9da
Reviewed-on: https://boringssl-review.googlesource.com/11122
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
|
||
|---|---|---|
| .. | ||
| args.cc | ||
| ciphers.cc | ||
| client.cc | ||
| CMakeLists.txt | ||
| const.cc | ||
| digest.cc | ||
| generate_ed25519.cc | ||
| genrsa.cc | ||
| internal.h | ||
| pkcs12.cc | ||
| rand.cc | ||
| server.cc | ||
| speed.cc | ||
| tool.cc | ||
| transport_common.cc | ||
| transport_common.h | ||