|
|
e4d72e |
diff -up nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc.version-range-set nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc
|
|
|
e4d72e |
--- nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc.version-range-set 2019-04-26 16:56:32.753283497 +0200
|
|
|
e4d72e |
+++ nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc 2019-04-26 16:56:51.096889439 +0200
|
|
|
e4d72e |
@@ -151,12 +151,6 @@ class TestPolicyVersionRange
|
|
|
e4d72e |
}
|
|
|
e4d72e |
|
|
|
e4d72e |
bool IsValidInputForVersionRangeSet(SSLVersionRange* expectedEffectiveRange) {
|
|
|
e4d72e |
- if (input_.min() <= SSL_LIBRARY_VERSION_3_0 &&
|
|
|
e4d72e |
- input_.max() >= SSL_LIBRARY_VERSION_TLS_1_3) {
|
|
|
e4d72e |
- // This is always invalid input, independent of policy
|
|
|
e4d72e |
- return false;
|
|
|
e4d72e |
- }
|
|
|
e4d72e |
-
|
|
|
e4d72e |
if (input_.min() < library_.min() || input_.max() > library_.max() ||
|
|
|
e4d72e |
input_.min() > input_.max()) {
|
|
|
e4d72e |
// Asking for unsupported ranges is invalid input for VersionRangeSet
|
|
|
e4d72e |
diff -up nss/lib/ssl/sslsock.c.version-range-set nss/lib/ssl/sslsock.c
|
|
|
e4d72e |
--- nss/lib/ssl/sslsock.c.version-range-set 2019-04-26 16:56:11.810733383 +0200
|
|
|
e4d72e |
+++ nss/lib/ssl/sslsock.c 2019-04-26 16:56:11.813733319 +0200
|
|
|
e4d72e |
@@ -2542,13 +2542,6 @@ SSL_VersionRangeGetDefault(SSLProtocolVa
|
|
|
e4d72e |
return ssl3_CreateOverlapWithPolicy(protocolVariant, vrange, vrange);
|
|
|
e4d72e |
}
|
|
|
e4d72e |
|
|
|
e4d72e |
-static PRBool
|
|
|
e4d72e |
-ssl3_HasConflictingSSLVersions(const SSLVersionRange *vrange)
|
|
|
e4d72e |
-{
|
|
|
e4d72e |
- return (vrange->min <= SSL_LIBRARY_VERSION_3_0 &&
|
|
|
e4d72e |
- vrange->max >= SSL_LIBRARY_VERSION_TLS_1_3);
|
|
|
e4d72e |
-}
|
|
|
e4d72e |
-
|
|
|
e4d72e |
static SECStatus
|
|
|
e4d72e |
ssl3_CheckRangeValidAndConstrainByPolicy(SSLProtocolVariant protocolVariant,
|
|
|
e4d72e |
SSLVersionRange *vrange)
|
|
|
e4d72e |
@@ -2557,8 +2550,7 @@ ssl3_CheckRangeValidAndConstrainByPolicy
|
|
|
e4d72e |
|
|
|
e4d72e |
if (vrange->min > vrange->max ||
|
|
|
e4d72e |
!ssl3_VersionIsSupportedByCode(protocolVariant, vrange->min) ||
|
|
|
e4d72e |
- !ssl3_VersionIsSupportedByCode(protocolVariant, vrange->max) ||
|
|
|
e4d72e |
- ssl3_HasConflictingSSLVersions(vrange)) {
|
|
|
e4d72e |
+ !ssl3_VersionIsSupportedByCode(protocolVariant, vrange->max)) {
|
|
|
e4d72e |
PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
|
|
|
e4d72e |
return SECFailure;
|
|
|
e4d72e |
}
|