handshake->min_minor_ver to ->min_tls_version
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
diff --git a/library/ssl_client.c b/library/ssl_client.c
index 731b44f..f5b8be4 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -493,7 +493,7 @@
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
if( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info,
- 0x0300 | ssl->handshake->min_minor_ver,
+ ssl->handshake->min_tls_version,
ssl->tls_version ) != 0 )
continue;
@@ -585,13 +585,13 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
unsigned char propose_tls12 =
- ( handshake->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_3 )
+ ( handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 )
&&
( MBEDTLS_SSL_VERSION_TLS1_2 <= ssl->tls_version );
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
unsigned char propose_tls13 =
- ( handshake->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_4 )
+ ( handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 )
&&
( MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version );
#endif
@@ -851,19 +851,19 @@
*/
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
- ssl->handshake->min_minor_ver = ssl->tls_version & 0xFF;
+ ssl->handshake->min_tls_version = ssl->tls_version;
else
#endif
{
if( ssl->handshake->resume )
{
ssl->tls_version = ssl->session_negotiate->tls_version;
- ssl->handshake->min_minor_ver = ssl->tls_version & 0xFF;
+ ssl->handshake->min_tls_version = ssl->tls_version;
}
else
{
ssl->tls_version = ssl->conf->max_tls_version;
- ssl->handshake->min_minor_ver = ssl->conf->min_tls_version & 0xFF;
+ ssl->handshake->min_tls_version = ssl->conf->min_tls_version;
}
}
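Review bot: In the resume branch, `ssl->session_negotiate->tls_version` is copied into both `ssl->tls_version` and `ssl->handshake->min_tls_version` with no visible comparison against `ssl->conf->min_tls_version` or `ssl->conf->max_tls_version`. If the configuration was tightened after the session was saved, the ClientHello would offer a version below the configured minimum, unless that check is done outside this hunk. Consider refusing the stored session when it falls outside the configured range, e.g. `if( ssl->session_negotiate->tls_version < ssl->conf->min_tls_version ) return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );`, and likewise for the maximum. The renegotiation branch pins the minimum to the current `ssl->tls_version` in the same way. The enclosing function starts and ends outside the hunk.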
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 672659d..9d34ca4 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -506,7 +506,7 @@
uint8_t cli_exts; /*!< client extension presence*/
#if defined(MBEDTLS_SSL_CLI_C)
- /*!< Minimum minor version to be negotiated.
+ /*!< Minimum TLS version to be negotiated.
*
* It is set up in the ClientHello writing preparation stage and used
* throughout the ClientHello writing. Not relevant anymore as soon as
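Review bot: The comment opens with `/*!<`, which Doxygen reads as documentation for the preceding member, so this text would attach to `cli_exts` rather than to the field it describes. Since the line is being touched anyway, open it with `/** Minimum TLS version to be negotiated.` so that it documents `min_tls_version`. The comment body continues past the end of this hunk.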
@@ -517,14 +517,14 @@
* renegotiating or resuming a session, it is equal to the previously
* negotiated minor version.
*
- * There is no maximum minor version field in this handshake context.
+ * There is no maximum TLS version field in this handshake context.
* From the start of the handshake, we need to define a current protocol
- * version for the record layer which we define as the maximum minor
- * version to be negotiated. The `minor_ver` field of the SSL context is
+ * version for the record layer which we define as the maximum TLS
+ * version to be negotiated. The `tls_version` field of the SSL context is
* used to store this maximum value until it contains the actual
* negotiated value.
*/
- unsigned char min_minor_ver;
+ uint16_t min_tls_version;
#endif
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
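Review bot: The unchanged sentence just above the edited lines still says "it is equal to the previously negotiated minor version", which no longer matches the renamed field. It should read `* negotiated TLS version.` to agree with the rest of the updated comment. It would also help to add one line stating that the field now holds a full 16-bit `MBEDTLS_SSL_VERSION_*` value rather than a minor-version byte, because every comparison against it depends on that. The struct definition starts and ends outside this hunk.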
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index acb4865..b05d2f2 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -49,8 +49,8 @@
size_t *out_len )
{
unsigned char *p = buf;
- unsigned char versions_len = ( ssl->handshake->min_minor_ver <=
- MBEDTLS_SSL_MINOR_VERSION_3 ) ? 4 : 2;
+ unsigned char versions_len = ( ssl->handshake->min_tls_version <=
+ MBEDTLS_SSL_VERSION_TLS1_2 ) ? 4 : 2;
*out_len = 0;
@@ -80,7 +80,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [3:4]" ) );
- if( ssl->handshake->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_3 )
+ if( ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 )
{
mbedtls_ssl_write_version( p + 2, MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_VERSION_TLS1_2 );
@@ -859,7 +859,7 @@
* expecting it, abort the handshake. Otherwise, switch to TLS 1.2
* handshake.
*/
- if( ssl->handshake->min_minor_ver > MBEDTLS_SSL_MINOR_VERSION_3 )
+ if( ssl->handshake->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 )
{
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );