From 490ecc8c3e84deac38288340a8bd67a88b65996e Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Thu, 6 Oct 2011 13:04:09 +0000
Subject: [PATCH] - Added ssl_set_max_version() to set the client's maximum
sent version number
---
ChangeLog | 3 +++
include/polarssl/ssl.h | 10 ++++++++++
library/ssl_cli.c | 7 +++++--
library/ssl_tls.c | 6 ++++++
4 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 63ec3685c..815d1a576 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@ Features
* Added ssl_session_reset() to allow better multi-connection pools of
SSL contexts without needing to set all non-connection-specific
data and pointers again. Adapted ssl_server to use this functionality.
+ * Added ssl_set_max_version() to allow clients to offer a lower maximum
+ supported version to a server to help buggy server implementations.
+ (Closes ticket #36)
= Version 1.0.0 released on 2011-07-27
Features
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 8cdb63679..5e2cae3ce 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -564,6 +564,16 @@ int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
*/
int ssl_set_hostname( ssl_context *ssl, const char *hostname );
+/**
+ * \brief Set the maximum supported version sent from the client side
+ *
+ * \param ssl SSL context
+ * \param major Major version number (only SSL_MAJOR_VERSION_3 supported)
+ * \param minor Minor version number (SSL_MINOR_VERSION_0,
+ * SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2 supported)
+ */
+void ssl_set_max_version( ssl_context *ssl, int major, int minor );
+
/**
* \brief Return the number of data bytes available to read
*
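Review bot: The doc comment on ssl_set_max_version() does not say what the client offers when the function is never called, or what happens with values outside the listed ones. Going by the ssl_cli.c hunk in this patch, a context left at 0.0 falls back to SSL_MAJOR_VERSION_3 / SSL_MINOR_VERSION_2, so I would add `\note If not called (or called with 0, 0), the client offers SSL_MAJOR_VERSION_3 / SSL_MINOR_VERSION_2.` It is also worth a sentence stating that lowering the maximum caps the protocol version the connection can negotiate and is intended only as an interoperability workaround for servers that mishandle higher versions.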
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 7e6e4c6fa..864415153 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -51,8 +51,11 @@ static int ssl_write_client_hello( ssl_context *ssl )
ssl->major_ver = SSL_MAJOR_VERSION_3;
ssl->minor_ver = SSL_MINOR_VERSION_0;
- ssl->max_major_ver = SSL_MAJOR_VERSION_3;
- ssl->max_minor_ver = SSL_MINOR_VERSION_2;
+ if( ssl->max_major_ver == 0 && ssl->max_minor_ver == 0 )
+ {
+ ssl->max_major_ver = SSL_MAJOR_VERSION_3;
+ ssl->max_minor_ver = SSL_MINOR_VERSION_2;
+ }
/*
* 0 . 0 handshake type
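Review bot: The `ssl->max_major_ver == 0 && ssl->max_minor_ver == 0` test in ssl_write_client_hello() uses 0.0 as an "unset" sentinel, which only holds if every ssl_context reaches this point with both fields either zeroed or explicitly set. That initialisation is not visible in this patch, so it is worth confirming that ssl_init() zeroes the fields and that ssl_session_reset() keeps a configured maximum rather than leaving stale or cleared values. Because the default is applied only when both fields are zero, a caller that passes a zero major with a non-zero minor would have that pair used unchanged. A short comment would make the intent explicit: `/* 0.0 means ssl_set_max_version() was not called: offer the library default */`. The function body starts and ends outside this hunk.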
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7e6e86ceb..c3644ad03 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1920,6 +1920,12 @@ int ssl_set_hostname( ssl_context *ssl, const char *hostname )
return( 0 );
}
+void ssl_set_max_version( ssl_context *ssl, int major, int minor )
+{
+ ssl->max_major_ver = major;
+ ssl->max_minor_ver = minor;
+}
+
/*
* SSL get accessors
*/
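Review bot: ssl_set_max_version() stores `major` and `minor` unchecked, although the header added in this patch documents only SSL_MAJOR_VERSION_3 with minors SSL_MINOR_VERSION_0 to SSL_MINOR_VERSION_2 as supported. Any other pair is kept in the context and, as far as this patch shows, would be used as the client's maximum version without further checks. Since the function returns void, the least intrusive guard is to ignore unsupported input: `if( major != SSL_MAJOR_VERSION_3 || minor < SSL_MINOR_VERSION_0 || minor > SSL_MINOR_VERSION_2 ) return;`. Returning int with an error code would be better still, because the caller could then notice a rejected value, but that changes the prototype declared in ssl.h.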