Remove SSL_set_fallback_version.
Ding-dong the fallback's dead.
https://mailarchive.ietf.org/arch/msg/tls/xfCh7D7hISFs5x-eA0xHwksoLrc
Also we'll need to tweak the versioning code slightly to implement
supported_versions and it's nice to have this out of the way.
Change-Id: I0961e19ea56b4afd828f6f48858ac6310129503d
Reviewed-on: https://boringssl-review.googlesource.com/11120
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index 238906b..4e4cf5c 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -581,8 +581,7 @@
static int ssl_write_client_cipher_list(SSL *ssl, CBB *out,
uint16_t min_version,
- uint16_t max_version,
- uint16_t real_max_version) {
+ uint16_t max_version) {
/* Prepare disabled cipher masks. */
ssl_set_client_disabled(ssl);
@@ -636,8 +635,7 @@
}
}
- if ((ssl->mode & SSL_MODE_SEND_FALLBACK_SCSV) ||
- real_max_version > max_version) {
+ if (ssl->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
if (!CBB_add_u16(&child, SSL3_CK_FALLBACK_SCSV & 0xffff)) {
return 0;
}
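Review bot: The `if (ssl->mode & SSL_MODE_SEND_FALLBACK_SCSV)` condition is now the only path that emits the fallback SCSV, and nothing at that site records that the library no longer infers a fallback from a lowered version cap. A caller that still retries at a lower maximum version without setting the mode bit would send a ClientHello with no downgrade signal, so a server implementing RFC 7507 could not reject the downgraded attempt. I would add a comment above the condition, e.g. `/* Sent only when the caller sets SSL_MODE_SEND_FALLBACK_SCSV; a caller doing its own version fallback must set it. */`. Whether any in-tree caller still depends on the removed inference is not visible in this hunk; ssl_write_client_cipher_list begins and ends outside it.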
@@ -647,9 +645,8 @@
}
int ssl_add_client_hello_body(SSL *ssl, CBB *body) {
- uint16_t min_version, max_version, real_max_version;
- if (!ssl_get_full_version_range(ssl, &min_version, &max_version,
- &real_max_version)) {
+ uint16_t min_version, max_version;
+ if (!ssl_get_version_range(ssl, &min_version, &max_version)) {
return 0;
}
@@ -676,8 +673,7 @@
size_t header_len =
SSL_is_dtls(ssl) ? DTLS1_HM_HEADER_LENGTH : SSL3_HM_HEADER_LENGTH;
- if (!ssl_write_client_cipher_list(ssl, body, min_version, max_version,
- real_max_version) ||
+ if (!ssl_write_client_cipher_list(ssl, body, min_version, max_version) ||
!CBB_add_u8(body, 1 /* one compression method */) ||
!CBB_add_u8(body, 0 /* null compression */) ||
!ssl_add_clienthello_tlsext(ssl, body, header_len + CBB_len(body))) {
@@ -837,9 +833,8 @@
server_version = ssl->method->version_from_wire(server_wire_version);
- uint16_t min_version, max_version, real_max_version;
- if (!ssl_get_full_version_range(ssl, &min_version, &max_version,
- &real_max_version) ||
+ uint16_t min_version, max_version;
+ if (!ssl_get_version_range(ssl, &min_version, &max_version) ||
server_version < min_version || server_version > max_version) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_PROTOCOL);
al = SSL_AD_PROTOCOL_VERSION;