tls-crypto: Only log modified TLS versions if successfully set
authorTobias Brunner <tobias@strongswan.org>
Thu, 14 Jan 2021 14:11:13 +0000 (15:11 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 12 Feb 2021 13:35:23 +0000 (14:35 +0100)
If no cipher suites are available, the new versions are the previous
values but reversed (i.e. the versions were not changed but we still
ended up with a log message saying "TLS min/max TLS 1.3/TLS 1.0 ...").

Also switched to using the numeric version names to avoid the repeated
"TLS" prefix.

src/libtls/tls_crypto.c

index e8126c0..23c3637 100644 (file)
@@ -1222,12 +1222,12 @@ static void build_cipher_suite_list(private_tls_crypto_t *this)
        new_max_version = min(new_max_version, max_version);
        new_min_version = max(new_min_version, min_version);
 
-       if (min_version != new_min_version || max_version != new_max_version)
+       if ((min_version != new_min_version || max_version != new_max_version) &&
+               this->tls->set_version(this->tls, new_min_version, new_max_version))
        {
-               this->tls->set_version(this->tls, new_min_version, new_max_version);
                DBG2(DBG_TLS, "TLS min/max %N/%N according to the cipher suites",
-                        tls_version_names, new_min_version,
-                        tls_version_names, new_max_version);
+                        tls_numeric_version_names, new_min_version,
+                        tls_numeric_version_names, new_max_version);
        }
 }