Fix some missing checks for TLS1_3_VERSION_DRAFT

There were a few places where we weren't checking to see if we were using
the draft TLS1.3 version or not.

Reviewed-by: Rich Salz <rsalz@openssl.org>

2 files changed, 7 insertions, 1 deletions

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 6c51699d33..15dc6fd35b 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1118,6 +1118,10 @@ int ssl_choose_client_version(SSL *s, int version)
     const version_info *vent;
     const version_info *table;
 
+    /* TODO(TLS1.3): Remove this before release */
+    if (version == TLS1_3_VERSION_DRAFT)
+        version = TLS1_3_VERSION;
+
     switch (s->method->version) {
     default:
         if (version != s->version)
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 89de0257ac..a33362d57f 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1547,7 +1547,9 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
     int compm, al = SSL_AD_INTERNAL_ERROR;
     size_t sl, len;
 
-    if (!WPACKET_put_bytes_u16(pkt, s->version)
+    /* TODO(TLS1.3): Remove the DRAFT conditional before release */
+    if (!WPACKET_put_bytes_u16(pkt, (s->version == TLS1_3_VERSION)
+                                    ? TLS1_3_VERSION_DRAFT : s->version)
                /*
                 * Random stuff. Filling of the server_random takes place in
                 * tls_process_client_hello()