From: Tobias Brunner Date: Thu, 14 Jan 2021 14:11:13 +0000 (+0100) Subject: tls-crypto: Only log modified TLS versions if successfully set X-Git-Tag: 5.9.2rc1~23^2~17 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8cf3998f1a95f7890379262df0d568c071418a8f;p=thirdparty%2Fstrongswan.git tls-crypto: Only log modified TLS versions if successfully set If no cipher suites are available, the new versions are the previous values but reversed (i.e. the versions were not changed but we still ended up with a log message saying "TLS min/max TLS 1.3/TLS 1.0 ..."). Also switched to using the numeric version names to avoid the repeated "TLS" prefix.
---
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index e8126c0008..23c36374e6 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -1222,12 +1222,12 @@ static void build_cipher_suite_list(private_tls_crypto_t *this)
 new_max_version = min(new_max_version, max_version);
 new_min_version = max(new_min_version, min_version);
- if (min_version != new_min_version || max_version != new_max_version)
+ if ((min_version != new_min_version || max_version != new_max_version) &&
+ this->tls->set_version(this->tls, new_min_version, new_max_version))
 {
- this->tls->set_version(this->tls, new_min_version, new_max_version);
 DBG2(DBG_TLS, "TLS min/max %N/%N according to the cipher suites",
- tls_version_names, new_min_version,
- tls_version_names, new_max_version);
+ tls_numeric_version_names, new_min_version,
+ tls_numeric_version_names, new_max_version);
 }
 }
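Review bot: When `set_version()` returns FALSE, the new combined condition skips the log and nothing else in the hunk records the failure. Going by the commit message, that is the case where no cipher suites are available and the computed min/max are inverted, so it now passes silently here. Consider keeping the version-changed test as the outer `if` and checking the call inside it, so the failure branch can emit something like `DBG1(DBG_TLS, "unable to restrict TLS versions to the cipher suites");`, unless a caller outside this hunk already reports the missing suites. Folding the state-changing call into the condition also makes it easy to overlook; a short comment such as `/* set_version() fails if the range is invalid, e.g. no suites available */` above the `if` would help, with the wording confirmed against the actual `set_version()` contract. build_cipher_suite_list() begins outside the hunk, so how the new versions are computed is not visible here.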