diff --git a/src/ssl.c b/src/ssl.c index fcfc45560..1167a4f57 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -46249,7 +46249,20 @@ long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt) case SSL_CTRL_MODE: wolfSSL_CTX_set_mode(ctx,opt); break; - + case SSL_CTRL_SET_MIN_PROTO_VERSION: + WOLFSSL_MSG("set min proto version"); + if (opt == 0) { + /* do nothing */ + return WOLFSSL_SUCCESS; + } + return wolfSSL_CTX_set_min_proto_version(ctx, (int)opt); + case SSL_CTRL_SET_MAX_PROTO_VERSION: + WOLFSSL_MSG("set max proto version"); + if (opt == 0) { + /* do nothing */ + return WOLFSSL_SUCCESS; + } + return wolfSSL_CTX_set_max_proto_version(ctx, (int)opt); default: WOLFSSL_MSG("CTX_ctrl cmd not implemented"); ret = WOLFSSL_FAILURE; diff --git a/tests/api.c b/tests/api.c index 29bddbd8b..15fe861b7 100644 --- a/tests/api.c +++ b/tests/api.c @@ -35937,7 +35937,23 @@ static void test_wolfSSL_CTX_ctrl(void) AssertNull(SSL_CTX_get_default_passwd_cb(ctx)); AssertNull(SSL_CTX_get_default_passwd_cb_userdata(ctx)); #endif + + /* Test for min/max proto */ + #ifndef WOLFSSL_NO_TLS12 + AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, + 0, NULL), SSL_SUCCESS); + AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, + TLS1_2_VERSION, NULL), SSL_SUCCESS); + AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION); + #endif + #ifdef WOLFSSL_TLS13 + AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, + 0, NULL), SSL_SUCCESS); + + AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, + TLS1_3_VERSION, NULL), SSL_SUCCESS); + #endif /* Cleanup and Pass */ #if !defined(NO_DH) && !defined(NO_DSA) #ifndef NO_BIO