use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS

author: Dr. Stephen Henson <steve@openssl.org> 2011-05-25 11:43:17 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-05-25 11:43:17 +0000
commit: 277f8a34f4041fb9e7b00e998e079d7fecd075a9 (patch)
tree: 616e616fb31ecca3eb5ebbcfeec81a50b2f4410d /ssl/ssl_lib.c
parent: 4dde470865ae2421e4ebd55e936ddb25238608a2 (diff)
download: openssl-new-277f8a34f4041fb9e7b00e998e079d7fecd075a9.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index b21b42927d..2cd78c13cc 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2094,7 +2094,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
 			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
 			return 0;
 			}
-		if ((alg_k & SSL_kECDHe) && s->version < TLS1_2_VERSION)
+		if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION)
 			{
 			/* signature alg must be ECDSA */
 			if (signature_nid != NID_ecdsa_with_SHA1)
@@ -2103,7 +2103,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
 				return 0;
 				}
 			}
-		if ((alg_k & SSL_kECDHr) && s->version < TLS1_2_VERSION)
+		if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION)
 			{
 			/* signature alg must be RSA */
author	Dr. Stephen Henson <steve@openssl.org>	2011-05-25 11:43:17 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-05-25 11:43:17 +0000
commit	277f8a34f4041fb9e7b00e998e079d7fecd075a9 (patch)
tree	616e616fb31ecca3eb5ebbcfeec81a50b2f4410d /ssl/ssl_lib.c
parent	4dde470865ae2421e4ebd55e936ddb25238608a2 (diff)
download	openssl-new-277f8a34f4041fb9e7b00e998e079d7fecd075a9.tar.gz