- Added ssl_set_max_version() to set the client's maximum sent version number
diff --git a/ChangeLog b/ChangeLog
index 63ec368..815d1a5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@
* Added ssl_session_reset() to allow better multi-connection pools of
SSL contexts without needing to set all non-connection-specific
data and pointers again. Adapted ssl_server to use this functionality.
+ * Added ssl_set_max_version() to allow clients to offer a lower maximum
+ supported version to a server to help buggy server implementations.
+ (Closes ticket #36)
= Version 1.0.0 released on 2011-07-27
Features
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 8cdb636..5e2cae3 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -565,6 +565,16 @@
int ssl_set_hostname( ssl_context *ssl, const char *hostname );
/**
+ * \brief Set the maximum supported version sent from the client side
+ *
+ * \param ssl SSL context
+ * \param major Major version number (only SSL_MAJOR_VERSION_3 supported)
+ * \param minor Minor version number (SSL_MINOR_VERSION_0,
+ * SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2 supported)
+ */
+void ssl_set_max_version( ssl_context *ssl, int major, int minor );
+
+/**
* \brief Return the number of data bytes available to read
*
* \param ssl SSL context
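Review bot: The doc comment on `ssl_set_max_version()` leaves out two things a caller needs to know. The ssl_cli.c hunk reads the value only in the client hello path, so it appears the call must happen before the handshake starts. Lowering it also makes the client offer an older, weaker protocol version to every server it then talks to. I would add `\note Call before the handshake; if never called, the client offers SSL_MINOR_VERSION_2.` and `\note Lowering the maximum is a workaround for specific broken servers, not a general default.` Because the function returns void, the comment should also say what happens when a value outside the listed ones is passed.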
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 7e6e4c6..8644151 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -51,8 +51,11 @@
ssl->major_ver = SSL_MAJOR_VERSION_3;
ssl->minor_ver = SSL_MINOR_VERSION_0;
- ssl->max_major_ver = SSL_MAJOR_VERSION_3;
- ssl->max_minor_ver = SSL_MINOR_VERSION_2;
+ if( ssl->max_major_ver == 0 && ssl->max_minor_ver == 0 )
+ {
+ ssl->max_major_ver = SSL_MAJOR_VERSION_3;
+ ssl->max_minor_ver = SSL_MINOR_VERSION_2;
+ }
/*
* 0 . 0 handshake type
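Review bot: The `max_major_ver == 0 && max_minor_ver == 0` test uses 0/0 as an implicit "not configured" marker, which only holds if every ssl_context reaches this code with both fields zeroed. That initialisation is outside the hunk and should be confirmed, including what ssl_session_reset() does to the two fields when a context is reused. A comment such as `/* 0.0 = no maximum configured: offer the highest version we implement */` above the `if` would make the sentinel explicit. The enclosing function starts and ends outside the hunk, so I cannot see whether the version in the server's reply is compared against the configured maximum; if it is not, the setting limits what is offered but not what is accepted.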
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7e6e86c..c3644ad 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1920,6 +1920,12 @@
return( 0 );
}
+void ssl_set_max_version( ssl_context *ssl, int major, int minor )
+{
+ ssl->max_major_ver = major;
+ ssl->max_minor_ver = minor;
+}
+
/*
* SSL get accessors
*/
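Review bot: `ssl_set_max_version()` stores `major` and `minor` unchecked, although the header documents only SSL_MAJOR_VERSION_3 with SSL_MINOR_VERSION_0 through SSL_MINOR_VERSION_2 as supported. Any other pair that is not 0/0 bypasses the default in the ssl_cli.c hunk and becomes the client's maximum version as-is. Since the return type is void, a guard before the two assignments would keep unsupported values out of the context: `if( major != SSL_MAJOR_VERSION_3 || minor < SSL_MINOR_VERSION_0 || minor > SSL_MINOR_VERSION_2 ) return;`. Returning an error code would be clearer, but that changes the prototype added in ssl.h.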