Author Alan.Huang
Recipients Alan.Huang, alex, christian.heimes, dstufft, janssen
Date 2018-07-02.14:38:32
Message-id <1530542312.23.0.56676864532.issue34001@psf.upfronthosting.co.za>
Content
Strangely, LibreSSL's `ssl_clamp_version_range` function is perfectly happy to accept minimum protocol versions lower than the lowest supported protocol version, and likewise is happy to accept maximum protocol versions higher than the highest supported protocol version.
In said case, the minimum/maximum protocol version is set to clamp_min/clamp_max (i.e., the minimum/maximum protocol version supported by the internal method).

As such, the assertion test `ctx.minimum_version = 42` on line 1127 in test_min_max_version in test_ssl.py fails.

A possible fix would be to add another check in `set_min_max_proto_version` in _ssl.c that checks if the currently set protocol version is equal to the value passed (with exceptions for the magic constants of `MINIMUM_SUPPORTED` and `MAXIMUM_SUPPORTED`), and if not, raise a ValueError as well.

One dilemma is whether to reset the respective version back to what it was before the attempt, which I think should be done.
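
The read-back check proposed in the message above, sketched in Python as an added example; it is not part of the original message and not CPython's code. `ClampingContext` and `set_version_checked` are hypothetical names, and the clamping model and its TLS 1.0 to 1.2 range are assumptions built only from the behaviour the message describes.

```python
import ssl

TLS = ssl.TLSVersion
MAGIC = (TLS.MINIMUM_SUPPORTED, TLS.MAXIMUM_SUPPORTED)


class ClampingContext:
    """Constructed stand-in (hypothetical) for a context on a clamping backend.

    Models only what the message describes: out-of-range versions are
    accepted without error and replaced by the lowest/highest supported one.
    """
    LOWEST, HIGHEST = int(TLS.TLSv1), int(TLS.TLSv1_2)  # assumed range

    def __init__(self):
        self.__dict__.update(minimum_version=self.LOWEST,
                             maximum_version=self.HIGHEST)

    def __setattr__(self, name, value):
        if value == TLS.MINIMUM_SUPPORTED:
            value = self.LOWEST
        elif value == TLS.MAXIMUM_SUPPORTED:
            value = self.HIGHEST
        # Silent clamp: no error is raised for out-of-range input.
        self.__dict__[name] = min(max(int(value), self.LOWEST), self.HIGHEST)


def set_version_checked(ctx, attr, value):
    """Set ctx.minimum_version / ctx.maximum_version and verify it took effect.

    Raises ValueError and restores the previous setting if the backend
    stored a different version than the one requested.
    """
    if attr not in ("minimum_version", "maximum_version"):
        raise AttributeError(attr)
    previous = getattr(ctx, attr)
    setattr(ctx, attr, value)
    effective = getattr(ctx, attr)
    if value in MAGIC:          # magic constants legitimately map elsewhere
        return effective
    if effective != value:
        setattr(ctx, attr, previous)   # undo the clamped assignment
        raise ValueError(
            f"{attr}: requested {value!r}, backend stored {int(effective):#06x}")
    return effective
```

The same wrapper can be pointed at a real `ssl.SSLContext`, where it turns a silently clamped protocol floor into an explicit error instead of a weaker-than-intended configuration.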
History
Date | User | Action | Args
2018-07-02 14:38:32 | Alan.Huang | set | recipients: + Alan.Huang, janssen, christian.heimes, alex, dstufft
2018-07-02 14:38:32 | Alan.Huang | set | messageid: <1530542312.23.0.56676864532.issue34001@psf.upfronthosting.co.za>
2018-07-02 14:38:32 | Alan.Huang | link | issue34001 messages
2018-07-02 14:38:32 | Alan.Huang | create |