Better handling of ciphersuite version range and forced version in
ssl_client2
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 50a7518..05dfdc7 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -435,13 +435,24 @@
const ssl_ciphersuite_t *ciphersuite_info;
ciphersuite_info = ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
- if( ciphersuite_info->min_minor_ver > opt.max_version ||
+ if( opt.max_version != -1 &&
+ ciphersuite_info->min_minor_ver > opt.max_version )
+ {
+ printf("forced ciphersuite not allowed with this protocol version\n");
+ ret = 2;
+ goto usage;
+ }
+ if( opt.min_version != -1 &&
ciphersuite_info->max_minor_ver < opt.min_version )
{
printf("forced ciphersuite not allowed with this protocol version\n");
ret = 2;
goto usage;
}
+ if( opt.max_version > ciphersuite_info->max_minor_ver )
+ opt.max_version = ciphersuite_info->max_minor_ver;
+ if( opt.min_version < ciphersuite_info->min_minor_ver )
+ opt.min_version = ciphersuite_info->min_minor_ver;
}
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
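Review bot: The two clamps at the end of the block treat the `-1` value asymmetrically, assuming (from the new `!= -1` guards) that `-1` means "not set". An unset `opt.min_version` is raised to the suite's `min_minor_ver` because `-1` compares lower, but an unset `opt.max_version` never satisfies `opt.max_version > ciphersuite_info->max_minor_ver` and so stays unclamped. If the intent is to pin the client to the forced suite's range, the upper clamp should read `if( opt.max_version == -1 || opt.max_version > ciphersuite_info->max_minor_ver )`, and a short comment should state that the lower clamp relies on the sentinel being negative. Separately, the result of `ssl_ciphersuite_from_id()` is dereferenced in four places without a NULL check; if an unknown id can reach this point (the option parsing is outside the hunk), add `if( ciphersuite_info == NULL ) { ret = 2; goto usage; }` after the lookup. The enclosing block opens before the hunk starts.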