authorlloyd <[email protected]>2012-07-12 21:25:46 +0000
committerlloyd <[email protected]>2012-07-12 21:25:46 +0000
commit43836c6fd15a944dce1ca25bb0d019ede3ef75e7 (patch)
treea6ea3bd16cb4b4d2ea94428ccafaa2bd54d8ba6a /src/tls/cert_req.cpp
parent71c8f3803819464db90226c22e77f5a13ef2c38d (diff)
Changes to version handling in support of DTLS work.
Add a few 'feature tests' to Protocol_Version which help avoid some explicit comparisons. Additionally, remove the relational comparisons, except for operator> which is still used in a few locations. TLS::Policy has changed and no longer has min_version. The new hook that replaces it is acceptable_protocol_version, which should return true if and only if we are willing to negotiate the version returned. This leads to a somewhat cleaner result and additionally allows one to do maybe interesting though mostly useless things like allowing TLS 1.0 or 1.2 but not 1.1. Fix the version sent in the (unused) DTLS hello verify message.
Diffstat (limited to 'src/tls/cert_req.cpp')
-rw-r--r--src/tls/cert_req.cpp4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/tls/cert_req.cpp b/src/tls/cert_req.cpp
index f97238d54..4578148f5 100644
--- a/src/tls/cert_req.cpp
+++ b/src/tls/cert_req.cpp
@@ -64,7 +64,7 @@ Certificate_Req::Certificate_Req(Record_Writer& writer,
cert_key_types.push_back("DSA");
cert_key_types.push_back("ECDSA");
- if(version >= Protocol_Version::TLS_V12)
+ if(version.supports_negotiable_signature_algorithms())
{
std::vector<std::string> hashes = policy.allowed_signature_hashes();
std::vector<std::string> sigs = policy.allowed_signature_methods();
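Review bot: Nothing at the `if(version.supports_negotiable_signature_algorithms())` guard says that it decides whether the signature/hash list is written into CertificateRequest, and the predicate's definition is not part of this file's diff. The same test gates the parsing constructor in the second hunk, so a predicate that answers wrongly for some version (a DTLS one, for instance, given the commit's stated purpose) would make the writer and the reader disagree on the message layout. I would add a comment at both guards along the lines of `// signature_algorithms field is present only for versions that negotiate sig/hash pairs (TLS 1.2 onward)`. A round-trip test of Certificate_Req for each supported version would pin that down. The constructor body starts before and continues past this hunk.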
@@ -100,7 +100,7 @@ Certificate_Req::Certificate_Req(const std::vector<byte>& buf,
cert_key_types.push_back(cert_type_name);
}
- if(version >= Protocol_Version::TLS_V12)
+ if(version.supports_negotiable_signature_algorithms())
{
std::vector<byte> sig_hash_algs = reader.get_range_vector<byte>(2, 2, 65534);