actually set min tls version to 1.1 in test

awslabs · Oct 25, 2024 · a43174e · a43174e
1 parent d4c3a2c
commit a43174e
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
@@ -229,9 +229,9 @@ if(NOT BYO_CRYPTO)
         if(NOT AWS_USE_SECITEM)
         # SecItem does not allow use of depricated TLS versions
         add_net_test_case(tls_client_channel_negotiation_override_legacy_crypto_tls10)
+        add_net_test_case(tls_client_channel_negotiation_success_legacy_crypto_tls11)
         endif()
         add_net_test_case(tls_client_channel_negotiation_error_override_legacy_crypto_tls11)
-        add_net_test_case(tls_client_channel_negotiation_success_legacy_crypto_tls11)
     endif()
 
     # Badssl - Secure uncommon suite

diff --git a/tests/tls_handler_test.c b/tests/tls_handler_test.c
@@ -1515,24 +1515,28 @@ AWS_TEST_CASE(
     tls_client_channel_negotiation_no_verify_untrusted_root,
     s_tls_client_channel_negotiation_no_verify_untrusted_root_fn)
 
-static void s_lower_tls_version(struct aws_tls_ctx_options *options) {
+static void s_lower_tls_version_to_tls10(struct aws_tls_ctx_options *options) {
     aws_tls_ctx_options_set_minimum_tls_version(options, AWS_IO_TLSv1);
 }
 
 static int s_tls_client_channel_negotiation_override_legacy_crypto_tls10_fn(
     struct aws_allocator *allocator,
     void *ctx) {
     (void)ctx;
-    return s_verify_good_host(allocator, s_legacy_crypto_tls10_host_name, 1010, &s_lower_tls_version);
+    return s_verify_good_host(allocator, s_legacy_crypto_tls10_host_name, 1010, &s_lower_tls_version_to_tls10);
 }
 
 AWS_TEST_CASE(
     tls_client_channel_negotiation_override_legacy_crypto_tls10,
     s_tls_client_channel_negotiation_override_legacy_crypto_tls10_fn)
 
+static void s_lower_tls_version_to_tls11(struct aws_tls_ctx_options *options) {
+    aws_tls_ctx_options_set_minimum_tls_version(options, AWS_IO_TLSv1_1);
+}
+
 static int s_tls_client_channel_negotiation_success_legacy_crypto_tls11_fn(struct aws_allocator *allocator, void *ctx) {
     (void)ctx;
-    return s_verify_good_host(allocator, s_legacy_crypto_tls11_host_name, 1011, NULL);
+    return s_verify_good_host(allocator, s_legacy_crypto_tls11_host_name, 1011, &s_lower_tls_version_to_tls11);
 }
 
 AWS_TEST_CASE(