TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c63a1e0e153989c2dddf83324c476026a204903e^! / .
commitc63a1e0e153989c2dddf83324c476026a204903e[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Thu Jan 13 01:10:24 2022 +0100
committerGilles Peskine <Gilles.Peskine@arm.com>Mon Feb 21 15:14:01 2022 +0100
tree285027923ebf57538ee173f54066fbdae5e8e28f
parent1255b0de98dcdf28d1365f2fda1a2a0f25d0c821 [diff]
Fix mbedtls_ssl_get_version() for TLSv1.3

Test it in ssl-opt.sh.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

diff --git a/ChangeLog.d/ssl_get_version_1_3.txt b/ChangeLog.d/ssl_get_version_1_3.txt
new file mode 100644
index 0000000..4436522
--- /dev/null
+++ b/ChangeLog.d/ssl_get_version_1_3.txt

@@ -0,0 +1,2 @@
+Bugfix
+   * Fix mbedtls_ssl_get_version() not reporting TLSv1.3. Fixes #5406.

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 436e15c..adb18ab 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -2241,7 +2241,8 @@
     {
         case MBEDTLS_SSL_MINOR_VERSION_3:
             return( "TLSv1.2" );
-
+        case MBEDTLS_SSL_MINOR_VERSION_4:
+            return( "TLSv1.3" );
         default:
             return( "unknown" );
     }

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index dd05716..0548c14 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh

@@ -9668,6 +9668,7 @@
             -c "<= parse certificate verify"          \
             -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
             -c "<= parse finished message" \
+            -c "Protocol is TLSv1.3" \
             -c "HTTP/1.0 200 ok"
 
 requires_gnutls_tls1_3