Verify negotiated TLS version

author: Martin Willi <martin@revosec.ch> 2010-08-20 16:08:59 +0200
committer: Martin Willi <martin@revosec.ch> 2010-08-23 09:47:03 +0200
commit: f154e30431ee61d9f10027020d0eeb947722e1ea (patch)
tree: 3a232e7a782042468bff8e0f6dcd6c473f56f221 /src/libtls/tls_peer.c
parent: 3c19b3461f835b901395b3335d6456ca60dbe5ab (diff)
download: strongswan-f154e30431ee61d9f10027020d0eeb947722e1ea.tar.bz2
strongswan-f154e30431ee61d9f10027020d0eeb947722e1ea.tar.xz
1 files changed, 4 insertions, 2 deletions
diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c
index 09364d53b..ddd117a87 100644
--- a/src/libtls/tls_peer.c
+++ b/src/libtls/tls_peer.c
@@ -130,9 +130,11 @@ static status_t process_server_hello(private_tls_peer_t *this,
 
 	memcpy(this->server_random, random.ptr, sizeof(this->server_random));
 
-	if (version < this->tls->get_version(this->tls))
+	if (!this->tls->set_version(this->tls, version))
 	{
-		this->tls->set_version(this->tls, version);
+		DBG1(DBG_TLS, "negotiated version %N not supported",
+			 tls_version_names, version);
+		return FAILED;
 	}
 	suite = cipher;
 	if (!this->crypto->select_cipher_suite(this->crypto, &suite, 1))
author	Martin Willi <martin@revosec.ch>	2010-08-20 16:08:59 +0200
committer	Martin Willi <martin@revosec.ch>	2010-08-23 09:47:03 +0200
commit	f154e30431ee61d9f10027020d0eeb947722e1ea (patch)
tree	3a232e7a782042468bff8e0f6dcd6c473f56f221 /src/libtls/tls_peer.c
parent	3c19b3461f835b901395b3335d6456ca60dbe5ab (diff)
download	strongswan-f154e30431ee61d9f10027020d0eeb947722e1ea.tar.bz2 strongswan-f154e30431ee61d9f10027020d0eeb947722e1ea.tar.xz