Address some supported_versions review comments

[openssl.git] / ssl / statem / statem_clnt.c

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 004383c41318fae8a59fb2ddc0958fdec724b45c..e0d53fe33b546872f6b404da0f86902a650a6a88 100644 (file)
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -703,6 +703,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
     SSL_COMP *comp;
 #endif
     SSL_SESSION *sess = s->session;
+    int client_version;
 
     if (!WPACKET_set_max_size(pkt, SSL3_RT_MAX_PLAIN_LENGTH)) {
         /* Should not happen */
@@ -783,10 +784,8 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
      * For TLS 1.3 we always set the ClientHello version to 1.2 and rely on the
      * supported_versions extension for the real supported versions.
      */
-    if (!WPACKET_put_bytes_u16(pkt,
-                               (!SSL_IS_DTLS(s)
-                                   && s->client_version >= TLS1_3_VERSION)
-                               ? TLS1_2_VERSION : s->client_version)
+    client_version = SSL_IS_TLS13(s) ? TLS1_2_VERSION : s->client_version;
+    if (!WPACKET_put_bytes_u16(pkt, client_version)
             || !WPACKET_memcpy(pkt, s->s3->client_random, SSL3_RANDOM_SIZE)) {
         SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
         return 0;