Enhance ssltestlib's create_ssl_ctx_pair to take min and max proto version

Have all test programs using that function specify those versions.
Additionally, have the remaining test programs that use SSL_CTX_new
directly specify at least the maximum protocol version.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5663)

diff --git a/test/asynciotest.c b/test/asynciotest.c
index 179fe2620d13221b5d21305449133e5ed2a03a5f..8d15fcb84d141544898a12c51d27021eccfe28b1 100644 (file)
--- a/test/asynciotest.c
+++ b/test/asynciotest.c
@@ -299,7 +299,8 @@ static int test_asyncio(int test)
     char buf[sizeof(testdata)];
 
     if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
-                             &serverctx, &clientctx, cert, privkey)))
+                                       TLS1_VERSION, TLS_MAX_VERSION,
+                                       &serverctx, &clientctx, cert, privkey)))
         goto end;
 
     /*

diff --git a/test/clienthellotest.c b/test/clienthellotest.c
index 5eded83bda1ce8152f792edc0e55f027145db5f2..10e3b1b1b172408e7fffcbb893d5c4453cc3d44d 100644 (file)
--- a/test/clienthellotest.c
+++ b/test/clienthellotest.c
@@ -78,6 +78,8 @@ static int test_client_hello(int currtest)
     ctx = SSL_CTX_new(TLS_method());
     if (!TEST_ptr(ctx))
         goto end;
+    if (!TEST_true(SSL_CTX_set_max_proto_version(ctx, TLS_MAX_VERSION)))
+        goto end;
 
     switch(currtest) {
     case TEST_SET_SESSION_TICK_DATA_VER_NEG:

diff --git a/test/dtlstest.c b/test/dtlstest.c
index 7e511f7d6f9e7484cc587003ceab5bfc98e0000f..f4f9924a868dbbcb71a19a1b89e1acda1b5be2ed 100644 (file)
--- a/test/dtlstest.c
+++ b/test/dtlstest.c
@@ -61,8 +61,9 @@ static int test_dtls_unprocessed(int testidx)
     timer_cb_count = 0;
 
     if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
-                                       DTLS_client_method(), &sctx,
-                                       &cctx, cert, privkey)))
+                                       DTLS_client_method(),
+                                       DTLS1_VERSION, DTLS_MAX_VERSION,
+                                       &sctx, &cctx, cert, privkey)))
         return 0;
 
     if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA")))

diff --git a/test/fatalerrtest.c b/test/fatalerrtest.c
index 85b11c84aa313e281b99a82c4c5fc98600b1a8e9..d3a23e5f3dc0564f8e5310046dff895b92889df6 100644 (file)
--- a/test/fatalerrtest.c
+++ b/test/fatalerrtest.c
@@ -28,8 +28,9 @@ static int test_fatalerr(void)
         0x17, 0x03, 0x03, 0x00, 0x05, 'D', 'u', 'm', 'm', 'y'
     };
 
-    if (!TEST_true(create_ssl_ctx_pair(TLS_method(), TLS_method(), &sctx, &cctx,
-                                       cert, privkey)))
+    if (!TEST_true(create_ssl_ctx_pair(TLS_method(), TLS_method(),
+                                       TLS1_VERSION, TLS_MAX_VERSION,
+                                       &sctx, &cctx, cert, privkey)))
         goto err;
 
     /*

diff --git a/test/recordlentest.c b/test/recordlentest.c
index 824c09fc34c48f8b7e5ec0f85ed80f7bcf65ef7c..17e5499db74f48446d8141300daf8425d17f49e4 100644 (file)
--- a/test/recordlentest.c
+++ b/test/recordlentest.c
@@ -103,6 +103,7 @@ static int test_record_overflow(int idx)
     ERR_clear_error();
 
     if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                                       TLS1_VERSION, TLS_MAX_VERSION,
                                        &sctx, &cctx, cert, privkey)))
         goto end;
 

diff --git a/test/ssl_test.c b/test/ssl_test.c
index 778c3303131f38bb5dec9175be46d75fa418ac38..ddb338bb673f98f14bfe0e9a212fce2ff5d2fd45 100644 (file)
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -406,15 +406,27 @@ static int test_handshake(int idx)
 #ifndef OPENSSL_NO_DTLS
     if (test_ctx->method == SSL_TEST_METHOD_DTLS) {
         server_ctx = SSL_CTX_new(DTLS_server_method());
+        if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx,
+                                                     DTLS_MAX_VERSION)))
+            goto err;
         if (test_ctx->extra.server.servername_callback !=
             SSL_TEST_SERVERNAME_CB_NONE) {
             if (!TEST_ptr(server2_ctx = SSL_CTX_new(DTLS_server_method())))
                 goto err;
         }
         client_ctx = SSL_CTX_new(DTLS_client_method());
+        if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx,
+                                                     DTLS_MAX_VERSION)))
+            goto err;
         if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
             resume_server_ctx = SSL_CTX_new(DTLS_server_method());
+            if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx,
+                                                         DTLS_MAX_VERSION)))
+                goto err;
             resume_client_ctx = SSL_CTX_new(DTLS_client_method());
+            if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx,
+                                                         DTLS_MAX_VERSION)))
+                goto err;
             if (!TEST_ptr(resume_server_ctx)
                     || !TEST_ptr(resume_client_ctx))
                 goto err;
@@ -423,17 +435,32 @@ static int test_handshake(int idx)
 #endif
     if (test_ctx->method == SSL_TEST_METHOD_TLS) {
         server_ctx = SSL_CTX_new(TLS_server_method());
+        if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx,
+                                                     TLS_MAX_VERSION)))
+            goto err;
         /* SNI on resumption isn't supported/tested yet. */
         if (test_ctx->extra.server.servername_callback !=
             SSL_TEST_SERVERNAME_CB_NONE) {
             if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method())))
                 goto err;
+            if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx,
+                                                         TLS_MAX_VERSION)))
+                goto err;
         }
         client_ctx = SSL_CTX_new(TLS_client_method());
+        if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx,
+                                                     TLS_MAX_VERSION)))
+            goto err;
 
         if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
             resume_server_ctx = SSL_CTX_new(TLS_server_method());
+            if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx,
+                                                     TLS_MAX_VERSION)))
+                goto err;
             resume_client_ctx = SSL_CTX_new(TLS_client_method());
+            if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx,
+                                                         TLS_MAX_VERSION)))
+                goto err;
             if (!TEST_ptr(resume_server_ctx)
                     || !TEST_ptr(resume_client_ctx))
                 goto err;

diff --git a/test/sslapitest.c b/test/sslapitest.c
index a0da25f246e0f135f96440727bdc3a8fe009d10f..3dcf7353259ab5260871d00c50ccd85add3f88ee 100644 (file)
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -272,6 +272,7 @@ static int test_keylog(void)
 
     if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
                                        TLS_client_method(),
+                                       TLS1_VERSION, TLS_MAX_VERSION,
                                        &sctx, &cctx, cert, privkey)))
         return 0;
 
@@ -349,9 +350,9 @@ static int test_keylog_no_master_key(void)
     server_log_buffer_index = 0;
     error_writing_log = 0;
 
-    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
-                             TLS_client_method(), &sctx,
-                             &cctx, cert, privkey)))
+    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                                       TLS1_VERSION, TLS_MAX_VERSION,
+                                       &sctx, &cctx, cert, privkey)))
         return 0;
 
     if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL)
@@ -452,9 +453,9 @@ static int test_client_hello_cb(void)
     SSL *clientssl = NULL, *serverssl = NULL;
     int testctr = 0, testresult = 0;
 
-    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
-                                       TLS_client_method(), &sctx,
-                                       &cctx, cert, privkey)))
+    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                                       TLS1_VERSION, TLS_MAX_VERSION,
+                                       &sctx, &cctx, cert, privkey)))
         goto end;
     SSL_CTX_set_client_hello_cb(sctx, full_client_hello_callback, &testctr);
 
@@ -490,7 +491,9 @@ end:
 #endif
 
 static int execute_test_large_message(const SSL_METHOD *smeth,
-                                      const SSL_METHOD *cmeth, int read_ahead)
+                                      const SSL_METHOD *cmeth,
+                                      int min_version, int max_version,
+                                      int read_ahead)
 {
     SSL_CTX *cctx = NULL, *sctx = NULL;
     SSL *clientssl = NULL, *serverssl = NULL;
@@ -508,8 +511,8 @@ static int execute_test_large_message(const SSL_METHOD *smeth,
     if (!TEST_ptr(chaincert))
         goto end;
 
-    if (!TEST_true(create_ssl_ctx_pair(smeth, cmeth, &sctx,
-                                       &cctx, cert, privkey)))
+    if (!TEST_true(create_ssl_ctx_pair(smeth, cmeth, min_version, max_version,
+                                       &sctx, &cctx, cert, privkey)))
         goto end;
 
     if (read_ahead) {
@@ -566,12 +569,14 @@ static int execute_test_large_message(const SSL_METHOD *smeth,
 static int test_large_message_tls(void)
 {
     return execute_test_large_message(TLS_server_method(), TLS_client_method(),
+                                      TLS1_VERSION, TLS_MAX_VERSION,
                                       0);
 }
 
 static int test_large_message_tls_read_ahead(void)
 {
     return execute_test_large_message(TLS_server_method(), TLS_client_method(),
+                                      TLS1_VERSION, TLS_MAX_VERSION,
                                       1);
 }
 
@@ -583,7 +588,9 @@ static int test_large_message_dtls(void)
      * read_ahead is set.
      */
     return execute_test_large_message(DTLS_server_method(),
-                                      DTLS_client_method(), 0);
+                                      DTLS_client_method(),
+                                      DTLS1_VERSION, DTLS_MAX_VERSION,
+                                      0);
 }
 #endif
 
@@ -642,8 +649,9 @@ static int test_tlsext_status_type(void)
     OCSP_RESPID *id = NULL;
     BIO *certbio = NULL;
 
-    if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx,
-                             &cctx, cert, privkey))
+    if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                             TLS1_VERSION, TLS_MAX_VERSION,
+                             &sctx, &cctx, cert, privkey))
         return 0;
 
     if (SSL_CTX_get_tlsext_status_type(cctx) != -1)
@@ -806,9 +814,9 @@ static int execute_test_session(int maxprot, int use_int_cache,
 
     new_called = remove_called = 0;
 
-    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
-                                       TLS_client_method(), &sctx,
-                                       &cctx, cert, privkey)))
+    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                                       TLS1_VERSION, TLS_MAX_VERSION,
+                                       &sctx, &cctx, cert, privkey)))
         return 0;
 
     /*
@@ -1341,9 +1349,9 @@ static int test_set_sigalgs(int idx)
     curr = testctx ? &testsigalgs[idx]
                    : &testsigalgs[idx - OSSL_NELEM(testsigalgs)];
 
-    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
-                                       TLS_client_method(), &sctx,
-                                       &cctx, cert, privkey)))
+    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                                       TLS1_VERSION, TLS_MAX_VERSION,
+                                       &sctx, &cctx, cert, privkey)))
         return 0;
 
     /*
@@ -1558,9 +1566,9 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
 static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
                                 SSL **serverssl, SSL_SESSION **sess, int idx)
 {
-    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
-                                       TLS_client_method(), sctx,
-                                       cctx, cert, privkey))
+    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                                       TLS1_VERSION, TLS_MAX_VERSION,
+                                       sctx, cctx, cert, privkey))
         || !TEST_true(SSL_CTX_set_max_early_data(*sctx,
                                                  SSL3_RT_MAX_PLAIN_LENGTH))
         || !TEST_true(SSL_CTX_set_max_early_data(*cctx,
@@ -2440,9 +2448,9 @@ static int test_ciphersuite_change(void)
     const SSL_CIPHER *aes_128_gcm_sha256 = NULL;
 
     /* Create a session based on SHA-256 */
-    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
-                                       TLS_client_method(), &sctx,
-                                       &cctx, cert, privkey))
+    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                                       TLS1_VERSION, TLS_MAX_VERSION,
+                                       &sctx, &cctx, cert, privkey))
             || !TEST_true(SSL_CTX_set_ciphersuites(cctx,
                                                    "TLS_AES_128_GCM_SHA256"))
             || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
@@ -2573,9 +2581,9 @@ static int test_tls13_psk(int idx)
     };
     int testresult = 0;
 
-    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
-                                       TLS_client_method(), &sctx,
-                                       &cctx, cert, privkey)))
+    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                                       TLS1_VERSION, TLS_MAX_VERSION,
+                                       &sctx, &cctx, cert, privkey)))
         goto end;
 
     /*
@@ -2808,9 +2816,9 @@ static int test_stateless(void)
     SSL *serverssl = NULL, *clientssl = NULL;
     int testresult = 0;
 
-    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
-                                       TLS_client_method(), &sctx,
-                                       &cctx, cert, privkey)))
+    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                                       TLS1_VERSION, TLS_MAX_VERSION,
+                                       &sctx, &cctx, cert, privkey)))
         goto end;
 
     /* The arrival of CCS messages can confuse the test */
@@ -3032,14 +3040,15 @@ static int test_custom_exts(int tst)
     clntaddnewcb = clntparsenewcb = srvaddnewcb = srvparsenewcb = 0;
     snicb = 0;
 
-    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
-                                       TLS_client_method(), &sctx,
-                                       &cctx, cert, privkey)))
+    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                                       TLS1_VERSION, TLS_MAX_VERSION,
+                                       &sctx, &cctx, cert, privkey)))
         goto end;
 
     if (tst == 2
-            && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL, &sctx2,
-                                              NULL, cert, privkey)))
+            && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL,
+                                              TLS1_VERSION, TLS_MAX_VERSION,
+                                              &sctx2, NULL, cert, privkey)))
         goto end;
 
 
@@ -3308,9 +3317,9 @@ static int test_export_key_mat(int tst)
     if (tst == 3)
         return 1;
 #endif
-    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
-                                       TLS_client_method(), &sctx,
-                                       &cctx, cert, privkey)))
+    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                                       TLS1_VERSION, TLS_MAX_VERSION,
+                                       &sctx, &cctx, cert, privkey)))
         goto end;
 
     OPENSSL_assert(tst >= 0 && (size_t)tst < OSSL_NELEM(protocols));
@@ -3488,9 +3497,9 @@ static int test_ssl_clear(int idx)
 #endif
 
     /* Create an initial connection */
-    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
-                                       TLS_client_method(), &sctx,
-                                       &cctx, cert, privkey))
+    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                                       TLS1_VERSION, TLS_MAX_VERSION,
+                                       &sctx, &cctx, cert, privkey))
             || (idx == 1
                 && !TEST_true(SSL_CTX_set_max_proto_version(cctx,
                                                             TLS1_2_VERSION)))
@@ -3644,8 +3653,8 @@ static int test_pha_key_update(void)
     SSL *clientssl = NULL, *serverssl = NULL;
     int testresult = 0;
 
-    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
-                                       TLS_client_method(),
+    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                                       TLS1_VERSION, TLS_MAX_VERSION,
                                        &sctx, &cctx, cert, privkey)))
         return 0;
 

diff --git a/test/sslbuffertest.c b/test/sslbuffertest.c
index a1c3c6a6a33ab023d94998c48284e8a9496c8d38..7616eea2d5a3df13b1fe8562291be932ab356eed 100644 (file)
--- a/test/sslbuffertest.c
+++ b/test/sslbuffertest.c
@@ -166,6 +166,7 @@ int setup_tests(void)
         return 0;
 
     if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                             TLS1_VERSION, TLS_MAX_VERSION,
                              &serverctx, &clientctx, cert, pkey)) {
         TEST_error("Failed to create SSL_CTX pair\n");
         return 0;

diff --git a/test/sslcorrupttest.c b/test/sslcorrupttest.c
index 192310036adcc81d40f90e0894be3d91202a70f3..b06ce8128d7a04946c73ef23c8164f49be6b46cc 100644 (file)
--- a/test/sslcorrupttest.c
+++ b/test/sslcorrupttest.c
@@ -193,9 +193,9 @@ static int test_ssl_corrupt(int testidx)
 
     TEST_info("Starting #%d, %s", testidx, cipher_list[testidx]);
 
-    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
-                                       TLS_client_method(), &sctx,
-                                       &cctx, cert, privkey)))
+    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                                       TLS1_VERSION, TLS_MAX_VERSION,
+                                       &sctx, &cctx, cert, privkey)))
         return 0;
 
     if (!TEST_true(SSL_CTX_set_cipher_list(cctx, cipher_list[testidx])))

diff --git a/test/ssltest_old.c b/test/ssltest_old.c
index 7d31d368c76bf9acd1ee03daff25ad27e7b4281b..0661a42bbda3ef142c11331bc7f07594a74274e2 100644 (file)
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -1330,17 +1330,24 @@ int main(int argc, char *argv[])
     } else if (tls1_2) {
         min_version = TLS1_2_VERSION;
         max_version = TLS1_2_VERSION;
+    } else {
+        min_version = SSL3_VERSION;
+        max_version = TLS_MAX_VERSION;
     }
 #endif
 #ifndef OPENSSL_NO_DTLS
-    if (dtls || dtls1 || dtls12)
+    if (dtls || dtls1 || dtls12) {
         meth = DTLS_method();
-    if (dtls1) {
-        min_version = DTLS1_VERSION;
-        max_version = DTLS1_VERSION;
-    } else if (dtls12) {
-        min_version = DTLS1_2_VERSION;
-        max_version = DTLS1_2_VERSION;
+        if (dtls1) {
+            min_version = DTLS1_VERSION;
+            max_version = DTLS1_VERSION;
+        } else if (dtls12) {
+            min_version = DTLS1_2_VERSION;
+            max_version = DTLS1_2_VERSION;
+        } else {
+            min_version = DTLS_MIN_VERSION;
+            max_version = DTLS_MAX_VERSION;
+        }
     }
 #endif
 

diff --git a/test/ssltestlib.c b/test/ssltestlib.c
index 4473c670d7467e85b5b23b522312abf9d04d5857..f7dc65f7348286144612bd10b53153ff3b6e32e7 100644 (file)
--- a/test/ssltestlib.c
+++ b/test/ssltestlib.c
@@ -511,6 +511,7 @@ static int mempacket_test_puts(BIO *bio, const char *str)
 }
 
 int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
+                        int min_proto_version, int max_proto_version,
                         SSL_CTX **sctx, SSL_CTX **cctx, char *certfile,
                         char *privkeyfile)
 {
@@ -521,6 +522,22 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
             || (cctx != NULL && !TEST_ptr(clientctx = SSL_CTX_new(cm))))
         goto err;
 
+    if ((min_proto_version > 0
+         && !TEST_true(SSL_CTX_set_min_proto_version(serverctx,
+                                                     min_proto_version)))
+        || (max_proto_version > 0
+            && !TEST_true(SSL_CTX_set_max_proto_version(serverctx,
+                                                        max_proto_version))))
+        goto err;
+    if (clientctx != NULL
+        && ((min_proto_version > 0
+             && !TEST_true(SSL_CTX_set_min_proto_version(serverctx,
+                                                         min_proto_version)))
+            || (max_proto_version > 0
+                && !TEST_true(SSL_CTX_set_max_proto_version(serverctx,
+                                                            max_proto_version)))))
+        goto err;
+
     if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile,
                                                   SSL_FILETYPE_PEM), 1)
             || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx, privkeyfile,

diff --git a/test/ssltestlib.h b/test/ssltestlib.h
index 385833bad85c79825367b61eb08a2d4524ba8b17..9d1ceb07186047169764e0472d436266aaa9c580 100644 (file)
--- a/test/ssltestlib.h
+++ b/test/ssltestlib.h
@@ -13,6 +13,7 @@
 # include <openssl/ssl.h>
 
 int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
+                        int min_proto_version, int max_proto_version,
                         SSL_CTX **sctx, SSL_CTX **cctx, char *certfile,
                         char *privkeyfile);
 int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,

diff --git a/test/tls13ccstest.c b/test/tls13ccstest.c
index afea0ea58d94e889dc94d73638cd3e846ef8c3c6..41e4896fa9852a7f12a4b0f3d61f723abfbb35e2 100644 (file)
--- a/test/tls13ccstest.c
+++ b/test/tls13ccstest.c
@@ -255,6 +255,7 @@ static int test_tls13ccs(int tst)
     chsessidlen = 0;
 
     if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                                       TLS1_VERSION, TLS_MAX_VERSION,
                                        &sctx, &cctx, cert, privkey))
         || !TEST_true(SSL_CTX_set_max_early_data(sctx,
                                                  SSL3_RT_MAX_PLAIN_LENGTH))