return this->version;
}
-METHOD(tls_t, set_version, void,
+METHOD(tls_t, set_version, bool,
private_tls_t *this, tls_version_t version)
{
- this->version = version;
+ if (version > this->version)
+ {
+ return FALSE;
+ }
+ switch (version)
+ {
+ case TLS_1_0:
+ case TLS_1_1:
+ case TLS_1_2:
+ this->version = version;
+ return TRUE;
+ case SSL_2_0:
+ case SSL_3_0:
+ default:
+ return FALSE;
+ }
}
METHOD(tls_t, get_purpose, tls_purpose_t,
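Review bot: In set_version(), `this->version` now serves as both the ceiling (`version > this->version` is refused) and the negotiated result, so every successful call lowers the ceiling permanently. If a tls_t instance is ever reused for a further handshake (not visible here), a session that once settled on TLS 1.0 can never go back up. The floor is also hard-coded by the switch, which always accepts `TLS_1_0`. Consider keeping the supported maximum and a configurable minimum in separate fields and comparing against those, with a comment on the first check such as `/* never accept a version above the one we announced */`.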
* Set the negotiated TLS/SSL version.
*
* @param version negotiated TLS version
+ * @return TRUE if version acceptable
*/
- void (*set_version)(tls_t *this, tls_version_t version);
+ bool (*set_version)(tls_t *this, tls_version_t version);
/**
* Get the purpose of this TLS stack instance.
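Review bot: The added `@return TRUE if version acceptable` does not say what "acceptable" means, although callers now have to act on the result. Going by the implementation in this commit, something like `@return TRUE if version is a supported TLS version not above the current one, FALSE otherwise (version left unchanged)` would spell out the contract. The summary line could also say that the call can only lower the version, since that is no longer obvious from the name.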
memcpy(this->server_random, random.ptr, sizeof(this->server_random));
- if (version < this->tls->get_version(this->tls))
+ if (!this->tls->set_version(this->tls, version))
{
- this->tls->set_version(this->tls, version);
+ DBG1(DBG_TLS, "negotiated version %N not supported",
+ tls_version_names, version);
+ return FAILED;
}
suite = cipher;
if (!this->crypto->select_cipher_suite(this->crypto, &suite, 1))
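Review bot: When set_version() refuses the server's version, the only reaction visible here is a DBG1 line and `return FAILED`; nothing in the hunk signals a protocol_version alert to the peer. Whether FAILED leads to an alert further up the stack cannot be seen from here, so it is worth confirming that the peer does not just see a dropped connection. The same applies to the identical block in the client-hello handler in the next hunk. A short comment above the check, e.g. `/* rejects versions above our offer and all SSL versions */`, would document why the handshake stops. The enclosing function starts and ends outside the hunk.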
memcpy(this->client_random, random.ptr, sizeof(this->client_random));
- if (version < this->tls->get_version(this->tls))
+ if (!this->tls->set_version(this->tls, version))
{
- this->tls->set_version(this->tls, version);
+ DBG1(DBG_TLS, "negotiated version %N not supported",
+ tls_version_names, version);
+ return FAILED;
}
-
count = ciphers.len / sizeof(u_int16_t);
suites = alloca(count * sizeof(tls_cipher_suite_t));
DBG2(DBG_TLS, "received %d TLS cipher suites:", count);
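Review bot: A client hello carrying a version above the server's current one is now rejected. The removed code kept the server's own version in that case, because `version < get_version()` guarded the call, whereas the new set_version() returns FALSE for `version > this->version` and the handler returns FAILED. Assuming `version` here is the highest version the client offers, the server would normally answer with its own maximum instead of aborting. Clamping before the call would restore that: `if (version > this->tls->get_version(this->tls)) { version = this->tls->get_version(this->tls); }`. The function body continues outside the hunk.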