cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix version adjustments with force_ciphersuite

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-03-26 18:12:04 +01:00 committed by Paul Bakker
parent 3025b6cfd6
commit 798f15a500
2 changed files with 34 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
programs/ssl/ssl_client2.c
View File

@ -656,10 +656,22 @@ int main( int argc, char *argv[] )
ret = 2;
goto usage;
}
if( opt.max_version > ciphersuite_info->max_minor_ver )
/* If the server selects a version that's not supported by
* this suite, then there will be no common ciphersuite... */
if( opt.max_version == -1 ||
opt.max_version > ciphersuite_info->max_minor_ver )
{
opt.max_version = ciphersuite_info->max_minor_ver;
}
if( opt.min_version < ciphersuite_info->min_minor_ver )
{
opt.min_version = ciphersuite_info->min_minor_ver;
/* DTLS starts with TLS 1.1 */
if( opt.transport == SSL_TRANSPORT_DATAGRAM &&
opt.min_version < SSL_MINOR_VERSION_2 )
opt.min_version = SSL_MINOR_VERSION_2;
}
}
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
@ -886,8 +898,6 @@ int main( int argc, char *argv[] )
goto exit;
}
printf( " ok\n" );
#if defined(POLARSSL_X509_CRT_PARSE_C)
if( opt.debug_level > 0 )
ssl_set_verify( &ssl, my_verify, NULL );
@ -898,7 +908,7 @@ int main( int argc, char *argv[] )
if( ( ret = ssl_set_transport( &ssl, opt.transport ) ) != 0 )
{
printf( "selected transport is not available\n" );
printf( " failed\n ! selected transport is not available\n" );
goto exit;
}
@ -990,7 +1000,7 @@ int main( int argc, char *argv[] )
ret = ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
if( ret != 0 )
{
printf( " selected min_version is not available\n" );
printf( " failed\n ! selected min_version is not available\n" );
goto exit;
}
}
@ -1000,11 +1010,13 @@ int main( int argc, char *argv[] )
ret = ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
if( ret != 0 )
{
printf( " selected max_version is not available\n" );
printf( " failed\n ! selected max_version is not available\n" );
goto exit;
}
}
printf( " ok\n" );
/*
* 4. Handshake
*/

20
programs/ssl/ssl_server2.c
View File

@ -965,10 +965,22 @@ int main( int argc, char *argv[] )
ret = 2;
goto usage;
}
if( opt.max_version > ciphersuite_info->max_minor_ver )
/* If we select a version that's not supported by
* this suite, then there will be no common ciphersuite... */
if( opt.max_version == -1 ||
opt.max_version > ciphersuite_info->max_minor_ver )
{
opt.max_version = ciphersuite_info->max_minor_ver;
}
if( opt.min_version < ciphersuite_info->min_minor_ver )
{
opt.min_version = ciphersuite_info->min_minor_ver;
/* DTLS starts with TLS 1.1 */
if( opt.transport == SSL_TRANSPORT_DATAGRAM &&
opt.min_version < SSL_MINOR_VERSION_2 )
opt.min_version = SSL_MINOR_VERSION_2;
}
}
if( opt.version_suites != NULL )
@ -1285,7 +1297,7 @@ int main( int argc, char *argv[] )
if( ( ret = ssl_set_transport( &ssl, opt.transport ) ) != 0 )
{
printf( "selected transport is not available\n" );
printf( " failed\n ! selected transport is not available\n" );
goto exit;
}
@ -1421,7 +1433,7 @@ int main( int argc, char *argv[] )
ret = ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
if( ret != 0 )
{
printf( " selected min_version is not available\n" );
printf( " failed\n ! selected min_version is not available\n" );
goto exit;
}
}
@ -1431,7 +1443,7 @@ int main( int argc, char *argv[] )
ret = ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
if( ret != 0 )
{
printf( " selected max_version is not available\n" );
printf( " failed\n ! selected max_version is not available\n" );
goto exit;
}
}