Verify negotiated TLS version

author: Martin Willi <martin@revosec.ch> 2010-08-20 16:08:59 +0200
committer: Martin Willi <martin@revosec.ch> 2010-08-23 09:47:03 +0200
commit: f154e30431ee61d9f10027020d0eeb947722e1ea (patch)
tree: 3a232e7a782042468bff8e0f6dcd6c473f56f221 /src/libtls/tls.c
parent: 3c19b3461f835b901395b3335d6456ca60dbe5ab (diff)
download: strongswan-f154e30431ee61d9f10027020d0eeb947722e1ea.tar.bz2
strongswan-f154e30431ee61d9f10027020d0eeb947722e1ea.tar.xz
1 files changed, 17 insertions, 2 deletions
diff --git a/src/libtls/tls.c b/src/libtls/tls.c
index da3b5b4f0..d46ce0084 100644
--- a/src/libtls/tls.c
+++ b/src/libtls/tls.c
@@ -146,10 +146,25 @@ METHOD(tls_t, get_version, tls_version_t,
 	return this->version;
 }
 
-METHOD(tls_t, set_version, void,
+METHOD(tls_t, set_version, bool,
 	private_tls_t *this, tls_version_t version)
 {
-	this->version = version;
+	if (version > this->version)
+	{
+		return FALSE;
+	}
+	switch (version)
+	{
+		case TLS_1_0:
+		case TLS_1_1:
+		case TLS_1_2:
+			this->version = version;
+			return TRUE;
+		case SSL_2_0:
+		case SSL_3_0:
+		default:
+			return FALSE;
+	}
 }
 
 METHOD(tls_t, get_purpose, tls_purpose_t,
author	Martin Willi <martin@revosec.ch>	2010-08-20 16:08:59 +0200
committer	Martin Willi <martin@revosec.ch>	2010-08-23 09:47:03 +0200
commit	f154e30431ee61d9f10027020d0eeb947722e1ea (patch)
tree	3a232e7a782042468bff8e0f6dcd6c473f56f221 /src/libtls/tls.c
parent	3c19b3461f835b901395b3335d6456ca60dbe5ab (diff)
download	strongswan-f154e30431ee61d9f10027020d0eeb947722e1ea.tar.bz2 strongswan-f154e30431ee61d9f10027020d0eeb947722e1ea.tar.xz