Diffstat (limited to 'lib/handshake.c')
-rw-r--r-- | lib/handshake.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/handshake.c b/lib/handshake.c
index 8d58fa48e7..b40f84b3d9 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -823,7 +823,17 @@ read_client_hello(gnutls_session_t session, uint8_t * data,
 return ret;
 }
- _gnutls_handshake_log("HSK[%p]: Selected version %s\n", session, session->security_parameters.pversion->name);
+ /* Only at this point we know the version we are actually going to use
+ * ("supported_versions" extension is parsed, user_hello_func is called,
+ * legacy version negotiation is done). */
+ vers = get_version(session);
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
+
+ if (_gnutls_version_priority(session, vers->id) < 0)
+ return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
+
+ _gnutls_handshake_log("HSK[%p]: Selected version %s\n", session, vers->name);
 /* select appropriate compression method */
 ret =
@@ -2164,7 +2174,7 @@ static int send_client_hello(gnutls_session_t session, int again)
 }
 if (session->internals.priorities->min_record_version != 0) {
- /* Advertize the lowest supported (SSL 3.0) record packet
+ /* Advertise the lowest supported (SSL 3.0) record packet
 * version in record packets during the handshake.
 * That is to avoid confusing implementations
 * that do not support TLS 1.2 and don't know |
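Review bot: The two new rejection branches in read_client_hello return GNUTLS_E_UNSUPPORTED_VERSION_PACKET without a handshake log line, so a debug log cannot tell a missing negotiated version from one that the session priorities no longer allow (presumably after user_hello_func changed them). Consider bracing the second branch and adding `_gnutls_handshake_log("HSK[%p]: Negotiated version %s is not enabled\n", session, vers->name);` before its return. A one-line comment above the `_gnutls_version_priority()` check, such as `/* the version may have been disabled by priorities set in user_hello_func */`, would record why the check exists, if that is the intent. The declaration of `vers` and the rest of the function lie outside the hunk.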