TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 798f15a500f9cf05064eced843161e82b9a87117^! / . / programs / ssl / ssl_server2.c
commit798f15a500f9cf05064eced843161e82b9a87117[log] [tgz]
authorManuel Pégourié-Gonnard <mpg@elzevir.fr>Wed Mar 26 18:12:04 2014 +0100
committerPaul Bakker <p.j.bakker@polarssl.org>Tue Oct 21 16:30:10 2014 +0200
treef74d27f8db77fa34505cab116645a07d8340235b
parent3025b6cfd6ab2d0f599f3fb8a77b0d8f2d8d9d7d [diff] [blame]
Fix version adjustments with force_ciphersuite

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 59c949c..d659076 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c

@@ -965,10 +965,22 @@
             ret = 2;
             goto usage;
         }
-        if( opt.max_version > ciphersuite_info->max_minor_ver )
+
+        /* If we select a version that's not supported by
+         * this suite, then there will be no common ciphersuite... */
+        if( opt.max_version == -1 ||
+            opt.max_version > ciphersuite_info->max_minor_ver )
+        {
             opt.max_version = ciphersuite_info->max_minor_ver;
+        }
         if( opt.min_version < ciphersuite_info->min_minor_ver )
+        {
             opt.min_version = ciphersuite_info->min_minor_ver;
+            /* DTLS starts with TLS 1.1 */
+            if( opt.transport == SSL_TRANSPORT_DATAGRAM &&
+                opt.min_version < SSL_MINOR_VERSION_2 )
+                opt.min_version = SSL_MINOR_VERSION_2;
+        }
     }
 
     if( opt.version_suites != NULL )
@@ -1285,7 +1297,7 @@
 
     if( ( ret = ssl_set_transport( &ssl, opt.transport ) ) != 0 )
     {
-        printf( "selected transport is not available\n" );
+        printf( " failed\n  ! selected transport is not available\n" );
         goto exit;
     }
 
@@ -1421,7 +1433,7 @@
         ret = ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
         if( ret != 0 )
         {
-            printf( " selected min_version is not available\n" );
+            printf( " failed\n  ! selected min_version is not available\n" );
             goto exit;
         }
     }
@@ -1431,7 +1443,7 @@
         ret = ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
         if( ret != 0 )
         {
-            printf( " selected max_version is not available\n" );
+            printf( " failed\n  ! selected max_version is not available\n" );
             goto exit;
         }
     }