+ || !PACKET_get_net_2(&wholebody, &negversion)
+ /* Skip random (32 bytes) */
+ || !PACKET_forward(&wholebody, 32)
+ /* Skip session id */
+ || !PACKET_get_length_prefixed_1(&wholebody,
+ &sessionid)
+ /*
+ * Skip ciphersuite (2 bytes) and compression
+ * method (1 byte)
+ */
+ || !PACKET_forward(&wholebody, 2 + 1)
+ || !PACKET_get_length_prefixed_2(&wholebody,
+ &extensions))
+ return -1;
+
+ /*
+ * Find the negotiated version in supported_versions
+ * extension, if present.
+ */
+ while (PACKET_remaining(&extensions)) {
+ unsigned int type;
+ PACKET extbody;
+
+ if (!PACKET_get_net_2(&extensions, &type)
+ || !PACKET_get_length_prefixed_2(&extensions,
+ &extbody))
+ return -1;
+
+ if (type == TLSEXT_TYPE_supported_versions
+ && (!PACKET_get_net_2(&extbody, &negversion)
+ || PACKET_remaining(&extbody) != 0))
+ return -1;
+ }
+ }