diff --git a/src/tls/tlsv1_client_read.c b/src/tls/tlsv1_client_read.c
index 457c3b00f..740aab414 100644
--- a/src/tls/tlsv1_client_read.c
+++ b/src/tls/tlsv1_client_read.c
@@ -81,9 +81,7 @@ static int tls_process_server_hello(struct tlsv1_client *conn, u8 ct,
 if (end - pos < 2)
 goto decode_error;
 tls_version = WPA_GET_BE16(pos);
- if (tls_version != TLS_VERSION_1 &&
- (tls_version != TLS_VERSION_1_1 ||
- TLS_VERSION == TLS_VERSION_1)) {
+ if (!tls_version_ok(tls_version)) {
 wpa_printf(MSG_DEBUG, "TLSv1: Unexpected protocol version in "
 "ServerHello %u.%u", pos[0], pos[1]);
 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
@@ -93,7 +91,7 @@ static int tls_process_server_hello(struct tlsv1_client *conn, u8 ct,
 pos += 2;
 wpa_printf(MSG_DEBUG, "TLSv1: Using TLS v%s",
- tls_version == TLS_VERSION_1_1 ? "1.1" : "1.0");
+ tls_version_str(tls_version));
 conn->rl.tls_version = tls_version;
 /* Random random */
diff --git a/src/tls/tlsv1_common.c b/src/tls/tlsv1_common.c
index 2f9dd0fa8..67b56df24 100644
--- a/src/tls/tlsv1_common.c
+++ b/src/tls/tlsv1_common.c
@@ -1,6 +1,6 @@
 /*
 * TLSv1 common routines
- * Copyright (c) 2006-2007, Jouni Malinen
+ * Copyright (c) 2006-2011, Jouni Malinen
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
@@ -239,3 +239,29 @@ void tls_verify_hash_free(struct tls_verify_hash *verify)
 verify->sha1_server = NULL;
 verify->sha1_cert = NULL;
 }
+
+
+int tls_version_ok(u16 ver)
+{
+ if (ver == TLS_VERSION_1)
+ return 1;
+#ifdef CONFIG_TLSV11
+ if (ver == TLS_VERSION_1_1)
+ return 1;
+#endif /* CONFIG_TLSV11 */
+
+ return 0;
+}
+
+
+const char * tls_version_str(u16 ver)
+{
+ switch (ver) {
+ case TLS_VERSION_1:
+ return "1.0";
+ case TLS_VERSION_1_1:
+ return "1.1";
+ }
+
+ return "?";
+}
diff --git a/src/tls/tlsv1_common.h b/src/tls/tlsv1_common.h
index 712d2764b..0c4f7df0d 100644
--- a/src/tls/tlsv1_common.h
+++ b/src/tls/tlsv1_common.h
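Review bot: In tls_process_server_hello() (tlsv1_client_read.c, first hunk) the ServerHello version is now accepted purely on the build-time allow-list in tls_version_ok(), whereas the removed condition was tied to TLS_VERSION. If TLS_VERSION and CONFIG_TLSV11 can ever disagree (their relationship is not visible in this diff), a server could select TLS 1.1 against a client that did not offer it. Assuming TLS_VERSION still names the version this client offers, the check should also bound the reply by it, e.g. `if (!tls_version_ok(tls_version) || tls_version > TLS_VERSION) {`. The function body starts and ends outside the hunk.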
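Review bot: tls_version_ok() in tlsv1_common.c (second hunk) becomes the one place that decides which negotiated versions are acceptable, yet it is added without a header comment saying that its answer depends on the build. I would add `/* tls_version_ok - return 1 if ver is a TLS version this build accepts (1.0 always, 1.1 only with CONFIG_TLSV11), 0 otherwise */` above it, and a matching one-line comment on tls_version_str() noting that it returns "?" for any value it does not know. tls_version_str() names TLS 1.1 even in builds where tls_version_ok() rejects it, which is harmless for logging but worth stating so the string is never used as a support test.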
@@ -218,5 +218,7 @@ int tls_verify_hash_init(struct tls_verify_hash *verify);
 void tls_verify_hash_add(struct tls_verify_hash *verify, const u8 *buf, size_t len);
 void tls_verify_hash_free(struct tls_verify_hash *verify);
+int tls_version_ok(u16 ver);
+const char * tls_version_str(u16 ver);
 #endif /* TLSV1_COMMON_H */
diff --git a/src/tls/tlsv1_server_read.c b/src/tls/tlsv1_server_read.c
index 9ffe05c50..192b71e48 100644
--- a/src/tls/tlsv1_server_read.c
+++ b/src/tls/tlsv1_server_read.c
@@ -1,6 +1,6 @@
 /*
 * TLSv1 server - read handshake message
- * Copyright (c) 2006-2007, Jouni Malinen
+ * Copyright (c) 2006-2011, Jouni Malinen
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
@@ -103,7 +103,7 @@ static int tls_process_client_hello(struct tlsv1_server *conn, u8 ct,
 else
 conn->rl.tls_version = conn->client_version;
 wpa_printf(MSG_DEBUG, "TLSv1: Using TLS v%s",
- conn->rl.tls_version == TLS_VERSION_1_1 ? "1.1" : "1.0");
+ tls_version_str(conn->rl.tls_version));
 /* Random random */
 if (end - pos < TLS_RANDOM_LEN)
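Review bot: In tls_process_client_hello() (tlsv1_server_read.c, last hunk) only the debug string moves to the new helper. The visible context still assigns `conn->rl.tls_version = conn->client_version` in the else branch, and no call to tls_version_ok() appears in this hunk. If the branches above the hunk do not already cap the value, the server side is not covered by the CONFIG_TLSV11 gate the client now uses, and the log line would print "?" for a version the server then goes on to use. Consider a guard after the assignment, `if (!tls_version_ok(conn->rl.tls_version)) { /* fatal alert and return -1, as on the client side */ }`, or a comment stating why it is unnecessary. The function body starts and ends outside the hunk.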