Fix HelloVerifyRequest version handling

commit: b35fe5638a60437422c78b36162fa5f6e61fed22 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Sat Aug 09 17:00:46 2014 +0200
committer: Paul Bakker <p.j.bakker@polarssl.org> Tue Oct 21 16:30:20 2014 +0200
tree: 94bab311eea01c398bc2fcd82473a74315f287bb
parent: 4ba6ab6d0ded99c5b7f02cbcfe3e69f80fe44840 [diff] [blame]
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 0f4fd6c..12a8ff5 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c

@@ -975,9 +975,14 @@
     ssl_read_version( &major_ver, &minor_ver, ssl->transport, p );
     p += 2;
 
-    if( major_ver != SSL_MAJOR_VERSION_3 ||
+    /*
+     * Since the RFC is not clear on this point, accept DTLS 1.0 (TLS 1.1)
+     * even is lower than our min version.
+     */
+    if( major_ver < SSL_MAJOR_VERSION_3 ||
         minor_ver < SSL_MINOR_VERSION_2 ||
-        minor_ver > SSL_MINOR_VERSION_3 )
+        major_ver > ssl->max_major_ver  ||
+        minor_ver > ssl->max_minor_ver  )
     {
         SSL_DEBUG_MSG( 1, ( "bad server version" ) );
commit	b35fe5638a60437422c78b36162fa5f6e61fed22	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Sat Aug 09 17:00:46 2014 +0200
committer	Paul Bakker <p.j.bakker@polarssl.org>	Tue Oct 21 16:30:20 2014 +0200
tree	94bab311eea01c398bc2fcd82473a74315f287bb
parent	4ba6ab6d0ded99c5b7f02cbcfe3e69f80fe44840 [diff] [blame]