From c63a1e0e153989c2dddf83324c476026a204903e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 13 Jan 2022 01:10:24 +0100 Subject: [PATCH] Fix mbedtls_ssl_get_version() for TLSv1.3 Test it in ssl-opt.sh. Signed-off-by: Gilles Peskine --- ChangeLog.d/ssl_get_version_1_3.txt | 2 ++ library/ssl_tls.c | 3 ++- tests/ssl-opt.sh | 1 + 3 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/ssl_get_version_1_3.txt diff --git a/ChangeLog.d/ssl_get_version_1_3.txt b/ChangeLog.d/ssl_get_version_1_3.txt new file mode 100644 index 000000000..4436522b6 --- /dev/null +++ b/ChangeLog.d/ssl_get_version_1_3.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix mbedtls_ssl_get_version() not reporting TLSv1.3. Fixes #5406. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 436e15c14..adb18ab6c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2241,7 +2241,8 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ) { case MBEDTLS_SSL_MINOR_VERSION_3: return( "TLSv1.2" ); - + case MBEDTLS_SSL_MINOR_VERSION_4: + return( "TLSv1.3" ); default: return( "unknown" ); } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index dd05716ed..0548c14ba 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9668,6 +9668,7 @@ run_test "TLS 1.3: minimal feature sets - openssl" \ -c "<= parse certificate verify" \ -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \ -c "<= parse finished message" \ + -c "Protocol is TLSv1.3" \ -c "HTTP/1.0 200 ok" requires_gnutls_tls1_3