cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Better handling of ciphersuite version range and forced version in

Browse Source 
ssl_server2
This commit is contained in:
Paul Bakker 2013-07-19 13:43:43 +02:00
parent bd5fd4d1da
commit 5b55b79021
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
programs/ssl/ssl_server2.c
View File

@ -405,13 +405,24 @@ int main( int argc, char *argv[] )
const ssl_ciphersuite_t *ciphersuite_info;
ciphersuite_info = ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
if( ciphersuite_info->min_minor_ver > opt.max_version ||
if( opt.max_version != -1 &&
ciphersuite_info->min_minor_ver > opt.max_version )
{
printf("forced ciphersuite not allowed with this protocol version\n");
ret = 2;
goto usage;
}
if( opt.min_version != -1 &&
ciphersuite_info->max_minor_ver < opt.min_version )
{
printf("forced ciphersuite not allowed with this protocol version\n");
ret = 2;
goto usage;
}
if( opt.max_version > ciphersuite_info->max_minor_ver )
opt.max_version = ciphersuite_info->max_minor_ver;
if( opt.min_version < ciphersuite_info->min_minor_ver )
opt.min_version = ciphersuite_info->min_minor_ver;
}
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)