From cb8774b6e88b1f4a9cbb091bc08dfb0eb0b14630 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Fri, 5 Jul 2019 11:20:49 +0100
Subject: [PATCH] Enforce that all SSL version bounds must be hardcoded
 simultaneously

---
 include/mbedtls/check_config.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 735a1e419..82e4dad59 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -614,6 +614,18 @@
 #error "MBEDTLS_SSL_DTLS_ANTI_REPLAY  defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_SSL_CONF_MIN_MINOR_VER) || \
+    defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER) || \
+    defined(MBEDTLS_SSL_CONF_MIN_MAJOR_VER) || \
+    defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER)
+#if !( defined(MBEDTLS_SSL_CONF_MIN_MINOR_VER) &&        \
+       defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER) &&        \
+       defined(MBEDTLS_SSL_CONF_MIN_MAJOR_VER) &&        \
+       defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER) )
+#error "MBEDTLS_SSL_CONF_MIN_MINOR_VER, MBEDTLS_SSL_CONF_MAX_MINOR_VER, MBEDTLS_SSL_CONF_MIN_MAJOR_VER, MBEDTLS_SSL_CONF_MAX_MAJOR_VER must be defined simultaneously"
+#endif
+#endif
+
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) &&                              \
     ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
 #error "MBEDTLS_SSL_DTLS_CONNECTION_ID  defined, but not all prerequisites"