Fix mbedtls_ssl_get_version() for TLSv1.3
Test it in ssl-opt.sh.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/ChangeLog.d/ssl_get_version_1_3.txt b/ChangeLog.d/ssl_get_version_1_3.txt
new file mode 100644
index 0000000..4436522
--- /dev/null
+++ b/ChangeLog.d/ssl_get_version_1_3.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix mbedtls_ssl_get_version() not reporting TLSv1.3. Fixes #5406.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 436e15c..adb18ab 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2241,7 +2241,8 @@
{
case MBEDTLS_SSL_MINOR_VERSION_3:
return( "TLSv1.2" );
-
+ case MBEDTLS_SSL_MINOR_VERSION_4:
+ return( "TLSv1.3" );
default:
return( "unknown" );
}
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index dd05716..0548c14 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -9668,6 +9668,7 @@
-c "<= parse certificate verify" \
-c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
-c "<= parse finished message" \
+ -c "Protocol is TLSv1.3" \
-c "HTTP/1.0 200 ok"
requires_gnutls_tls1_3