From e15f64cc81818f3769b91b2372559a64f0b92b7b Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Tue, 25 Mar 2014 10:12:51 +0100
Subject: tls: Support a maximum TLS version to negotiate using TLS socket
 abstraction

---
 src/libtls/tls_socket.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/libtls/tls_socket.c')

diff --git a/src/libtls/tls_socket.c b/src/libtls/tls_socket.c
index 4b18fa60e..648771e75 100644
--- a/src/libtls/tls_socket.c
+++ b/src/libtls/tls_socket.c
@@ -407,7 +407,7 @@ METHOD(tls_socket_t, destroy, void,
  */
 tls_socket_t *tls_socket_create(bool is_server, identification_t *server,
 							identification_t *peer, int fd, tls_cache_t *cache,
-							bool nullok)
+							tls_version_t max_version, bool nullok)
 {
 	private_tls_socket_t *this;
 	tls_purpose_t purpose;
@@ -448,6 +448,7 @@ tls_socket_t *tls_socket_create(bool is_server, identification_t *server,
 		free(this);
 		return NULL;
 	}
+	this->tls->set_version(this->tls, max_version);
 
 	return &this->public;
 }
-- 
cgit v1.2.3