From a43174e7e089fec289f532d2a85157d1d155a922 Mon Sep 17 00:00:00 2001
From: Steve Kim
Date: Fri, 25 Oct 2024 12:07:09 -0700
Subject: [PATCH] actually set min tls version to 1.1 in test
---
 tests/CMakeLists.txt | 2 +-
 tests/tls_handler_test.c | 10 +++++++---
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index b55eb3327..0adc1d378 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -229,9 +229,9 @@ if(NOT BYO_CRYPTO)
 if(NOT AWS_USE_SECITEM)
 # SecItem does not allow use of depricated TLS versions
 add_net_test_case(tls_client_channel_negotiation_override_legacy_crypto_tls10)
+ add_net_test_case(tls_client_channel_negotiation_success_legacy_crypto_tls11)
 endif()
 add_net_test_case(tls_client_channel_negotiation_error_override_legacy_crypto_tls11)
- add_net_test_case(tls_client_channel_negotiation_success_legacy_crypto_tls11)
 endif()
 # Badssl - Secure uncommon suite
diff --git a/tests/tls_handler_test.c b/tests/tls_handler_test.c
index b2d61ceeb..72728939e 100644
--- a/tests/tls_handler_test.c
+++ b/tests/tls_handler_test.c
@@ -1515,7 +1515,7 @@ AWS_TEST_CASE(
 tls_client_channel_negotiation_no_verify_untrusted_root,
 s_tls_client_channel_negotiation_no_verify_untrusted_root_fn)
-static void s_lower_tls_version(struct aws_tls_ctx_options *options) {
+static void s_lower_tls_version_to_tls10(struct aws_tls_ctx_options *options) {
 aws_tls_ctx_options_set_minimum_tls_version(options, AWS_IO_TLSv1);
 }
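Review bot: In the `if(NOT AWS_USE_SECITEM)` block of tests/CMakeLists.txt, the existing comment now has to account for two skipped cases but does not say that the TLS 1.1 success case is one of them; I would reword it to `# SecItem does not allow deprecated TLS versions, so the TLS 1.0 and TLS 1.1 success cases are skipped`. Of the cases visible in this hunk, a SecItem build is left with only `tls_client_channel_negotiation_error_override_legacy_crypto_tls11`, so whether SecItem really refuses a lowered minimum is presumably not exercised there; worth confirming that this is intended. The enclosing `if(NOT BYO_CRYPTO)` block starts outside the hunk.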
@@ -1523,16 +1523,20 @@ static int s_tls_client_channel_negotiation_override_legacy_crypto_tls10_fn(
 struct aws_allocator *allocator,
 void *ctx) {
 (void)ctx;
- return s_verify_good_host(allocator, s_legacy_crypto_tls10_host_name, 1010, &s_lower_tls_version);
+ return s_verify_good_host(allocator, s_legacy_crypto_tls10_host_name, 1010, &s_lower_tls_version_to_tls10);
 }
 AWS_TEST_CASE(
 tls_client_channel_negotiation_override_legacy_crypto_tls10,
 s_tls_client_channel_negotiation_override_legacy_crypto_tls10_fn)
+static void s_lower_tls_version_to_tls11(struct aws_tls_ctx_options *options) {
+ aws_tls_ctx_options_set_minimum_tls_version(options, AWS_IO_TLSv1_1);
+}
+
 static int s_tls_client_channel_negotiation_success_legacy_crypto_tls11_fn(struct aws_allocator *allocator, void *ctx) {
 (void)ctx;
- return s_verify_good_host(allocator, s_legacy_crypto_tls11_host_name, 1011, NULL);
+ return s_verify_good_host(allocator, s_legacy_crypto_tls11_host_name, 1011, &s_lower_tls_version_to_tls11);
 }
 AWS_TEST_CASE(
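Review bot: `s_lower_tls_version_to_tls11` lowers the client's minimum to a deprecated protocol version without a comment saying why, and the renamed `s_lower_tls_version_to_tls10` in the previous hunk has the same gap; I would add `/* Test-only: accept deprecated TLS 1.1 so the legacy-crypto host can be negotiated. */` above it and the matching line for TLS 1.0. The test also appears to assert only that negotiation succeeds (`s_verify_good_host` is defined outside the hunk), so it cannot distinguish an override that took effect from a platform default that already admits TLS 1.1. If the harness exposes the negotiated protocol version, asserting that it is TLS 1.1 in `s_tls_client_channel_negotiation_success_legacy_crypto_tls11_fn` would pin what the commit title intends.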