Index: net/socket/ssl_client_socket_nss.cc |
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc |
index c5869fc3503a5ddfa53abb1b9ba0aecbabbfb442..826c94b03a777b30c844214534b449aa203a3cb7 100644 |
--- a/net/socket/ssl_client_socket_nss.cc |
+++ b/net/socket/ssl_client_socket_nss.cc |
@@ -3314,6 +3314,11 @@ int SSLClientSocketNSS::DoHandshakeComplete(int result) { |
EnterFunction(result); |
if (result == OK) { |
+ if (ssl_config_.version_fallback && |
+ ssl_config_.version_max < ssl_config_.version_fallback_min) { |
+ return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION; |
davidben
2014/10/07 22:06:30
I believe we're fine, but I want to point this out
agl
2014/10/07 23:59:54
A very good point, thanks! Please see added unit t
|
+ } |
+ |
// SSL handshake is completed. Let's verify the certificate. |
GotoState(STATE_VERIFY_CERT); |
// Done! |