From 0043938de4c9f595291837816031a6fb339690ba Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Sat, 21 Feb 2015 11:46:13 +0100
Subject: corrected check which prevented client to sent an unacceptable for
 the version ciphersuite

---
 lib/algorithms/ciphersuites.c | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

(limited to 'lib/algorithms/ciphersuites.c')

diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 75608e9925..2463c3c1a1 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -1282,17 +1282,18 @@ _gnutls_supported_ciphersuites(gnutls_session_t session,
 				if (ce == NULL)
 					continue;
 
-				if (is_dtls == 0
-				    && !(version->id >= ce->min_version))
-					continue;
-				else if (is_dtls != 0
-					 && !(version->id >=
-					      ce->min_dtls_version))
-
-					if (k + 2 > max_cipher_suite_size)
-						return
-						    gnutls_assert_val
-						    (GNUTLS_E_INTERNAL_ERROR);
+				if (is_dtls) {
+					if (version->id < ce->min_dtls_version)
+						continue;
+				} else {
+					if (version->id < ce->min_version)
+						continue;
+				}
+
+				if (k + 2 > max_cipher_suite_size)
+					return
+					    gnutls_assert_val
+					    (GNUTLS_E_INTERNAL_ERROR);
 
 				memcpy(&cipher_suites[k], ce->id, 2);
 				k += 2;
-- 
cgit v1.2.1