If we don't do this, we might negotiate a TLS version for which we don't
have any suites configured, so that the cipher suite negotiation
subsequently fails.
{
build_cipher_suite_list(this);
}
- *suites = this->suites;
+ if (suites)
+ {
+ *suites = this->suites;
+ }
return this->suite_count;
}
suite_algs_t *algs;
int i, j;
- if (!this->suites)
- {
- build_cipher_suite_list(this);
- }
-
for (i = 0; i < this->suite_count; i++)
{
for (j = 0; j < count; j++)
/**
* Get a list of supported TLS cipher suites.
*
- * @param suites list of suites, points to internal data
+ * @param suites optional list of suites, points to internal data
* @return number of suites returned
*/
int (*get_cipher_suites)(tls_crypto_t *this, tls_cipher_suite_t **suites);
return NEED_MORE;
}
+ /* before we do anything version-related, determine our supported suites
+ * as that might change the min./max. versions */
+ this->crypto->get_cipher_suites(this->crypto, NULL);
+
if (ext.len)
{
extensions = bio_reader_create(ext);
projects / thirdparty / strongswan.git / commitdiff
