From 21176859e014d77656306675e37a3593f21a5f95 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Tue, 25 May 2010 15:53:47 +0000
Subject: Enhanced protocol version handling.

---
 lib/ssl/src/ssl_record.erl | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

(limited to 'lib/ssl')

diff --git a/lib/ssl/src/ssl_record.erl b/lib/ssl/src/ssl_record.erl
index c867848c31..43f18d95a0 100644
--- a/lib/ssl/src/ssl_record.erl
+++ b/lib/ssl/src/ssl_record.erl
@@ -411,16 +411,14 @@ protocol_version(tlsv1) ->
     {3, 1};
 protocol_version(sslv3) ->
     {3, 0};
-protocol_version(sslv2) ->
+protocol_version(sslv2) -> %% Backwards compatibility
     {2, 0};
 protocol_version({3, 2}) ->
     'tlsv1.1';
 protocol_version({3, 1}) ->
     tlsv1;
 protocol_version({3, 0}) ->
-    sslv3;
-protocol_version({2, 0}) ->
-    sslv2.
+    sslv3.
 %%--------------------------------------------------------------------
 %% Function: protocol_version(Version1, Version2) -> #protocol_version{}
 %%     Version1 = Version2 = #protocol_version{}
@@ -468,7 +466,7 @@ highest_protocol_version(_, [Version | Rest]) ->
 %%--------------------------------------------------------------------
 supported_protocol_versions() ->
     Fun = fun(Version) ->
-		  protocol_version(Version)
+		  protocol_version(Version) 
 	  end,
     case application:get_env(ssl, protocol_version) of
 	undefined ->
@@ -476,11 +474,18 @@ supported_protocol_versions() ->
 	{ok, []} ->
 	    lists:map(Fun, ?DEFAULT_SUPPORTED_VERSIONS);
 	{ok, Vsns} when is_list(Vsns) ->
-	    lists:map(Fun, Vsns);
+	    Versions = lists:filter(fun is_acceptable_version/1, lists:map(Fun, Vsns)),
+	    supported_protocol_versions(Versions);
 	{ok, Vsn} ->
-	    [Fun(Vsn)]
+	    Versions = lists:filter(fun is_acceptable_version/1, [Fun(Vsn)]),
+	    supported_protocol_versions(Versions)
     end.
 
+supported_protocol_versions([]) ->
+    ?DEFAULT_SUPPORTED_VERSIONS;
+supported_protocol_versions([_|_] = Vsns) ->
+    Vsns.
+
 %%--------------------------------------------------------------------
 %% Function: is_acceptable_version(Version) -> true | false
 %%     Version = #protocol_version{}
@@ -688,7 +693,7 @@ hash_and_bump_seqno(#connection_state{sequence_number = SeqNo,
 check_hash(_, _) ->
     ok. %% TODO check this 
 
-mac_hash(?NULL, {_,_}, _MacSecret, _SeqNo, _Type,
+mac_hash({_,_}, ?NULL, _MacSecret, _SeqNo, _Type,
 	 _Length, _Fragment) ->
     <<>>;
 mac_hash({3, 0}, MacAlg, MacSecret, SeqNo, Type, Length, Fragment) ->
-- 
cgit v1.2.3