Commit 65a87d3c authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Dual DTLS version methods.

Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and
pick the highest version the peer supports during negotiation.

As with SSL/TLS, options can change this behaviour, specifically
SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
(cherry picked from commit c6913eeb)

Conflicts:

	CHANGES
parent b60b9e7a
+5 −0
@@ -912,6 +912,11 @@ static char *jpake_secret = NULL;
			meth=TLSv1_client_method();
#endif
#ifndef OPENSSL_NO_DTLS1
		else if	(strcmp(*argv,"-dtls") == 0)
			{
			meth=DTLS_client_method();
			socket_type=SOCK_DGRAM;
			}
		else if	(strcmp(*argv,"-dtls1") == 0)
			{
			meth=DTLSv1_client_method();
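Review bot: The new `-dtls` option is parsed here, but no hunk in this commit touches the usage text, so `-dtls` stays undocumented next to the existing `-dtls1` unless the help output is updated outside this diff; the s_server hunk below has the same gap. A usage entry for `-dtls` placed beside the `-dtls1` line, worded like the existing entries (e.g. "use any DTLS version, negotiating the highest the peer supports"), would close it. The enclosing option-parsing loop starts and ends outside the hunk.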
+5 −0
@@ -1369,6 +1369,11 @@ int MAIN(int argc, char *argv[])
			{ meth=TLSv1_2_server_method(); }
#endif
#ifndef OPENSSL_NO_DTLS1
		else if	(strcmp(*argv,"-dtls") == 0)
			{ 
			meth=DTLS_server_method();
			socket_type = SOCK_DGRAM;
			}
		else if	(strcmp(*argv,"-dtls1") == 0)
			{ 
			meth=DTLSv1_server_method();
+13 −2
@@ -155,6 +155,13 @@ IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
			dtls1_get_client_method,
			DTLSv1_2_enc_data)

IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION,
			DTLS_client_method,
			ssl_undefined_function,
			dtls1_connect,
			dtls1_get_client_method,
			DTLSv1_2_enc_data)

int dtls1_connect(SSL *s)
	{
	BUF_MEM *buf=NULL;
@@ -785,12 +792,14 @@ static int dtls1_get_hello_verify(SSL *s)
	unsigned char *data;
	unsigned int cookie_len;

	s->first_packet = 1;
	n=s->method->ssl_get_message(s,
		DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
		DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B,
		-1,
		s->max_cert_list,
		&ok);
	s->first_packet = 0;

	if (!ok) return((int)n);

@@ -802,14 +811,16 @@ static int dtls1_get_hello_verify(SSL *s)
		}

	data = (unsigned char *)s->init_msg;

	if ((data[0] != (s->version>>8)) || (data[1] != (s->version&0xff)))
#if 0
	if (s->method->version != DTLS_ANY_VERSION &&
		((data[0] != (s->version>>8)) || (data[1] != (s->version&0xff))))
		{
		SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY,SSL_R_WRONG_SSL_VERSION);
		s->version=(s->version&0xff00)|data[1];
		al = SSL_AD_PROTOCOL_VERSION;
		goto f_err;
		}
#endif
	data+=2;

	cookie_len = *(data++);
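Review bot: The `#if 0` in the third hunk of dtls1_get_hello_verify compiles out the HelloVerifyRequest server_version check for every method, yet the condition it wraps still tests `s->method->version != DTLS_ANY_VERSION`, which reads as if the intent were to keep the check for the fixed-version DTLSv1 and DTLSv1_2 client methods. If disabling it entirely is deliberate (RFC 6347 §4.2.1 tells clients not to use the HelloVerifyRequest server_version for negotiation), the dead block should be deleted or replaced by a comment such as `/* RFC 6347 4.2.1: the server_version in HelloVerifyRequest is not part of version negotiation, so it is deliberately not checked here */`; otherwise the `#if 0` should go and the DTLS_ANY_VERSION condition should be the one in effect. Note that the disabled block also assigned `s->version` from the peer-supplied byte `data[1]` after raising the error, which should not come back as-is if the check is re-enabled. The second hunk's `s->first_packet = 1` / `s->first_packet = 0` bracket around ssl_get_message has no comment saying what the flag changes in message reading; a one-line why-comment would help. dtls1_get_hello_verify begins before and continues past these hunks.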
+2 −2
@@ -267,6 +267,8 @@ void dtls1_clear(SSL *s)
	ssl3_clear(s);
	if (s->options & SSL_OP_CISCO_ANYCONNECT)
		s->version=DTLS1_BAD_VER;
	else if (s->method->version == DTLS_ANY_VERSION)
		s->version=DTLS1_2_VERSION;
	else
		s->version=s->method->version;
	}
@@ -522,5 +524,3 @@ static int dtls1_handshake_write(SSL *s)
	{
	return dtls1_do_write(s, SSL3_RT_HANDSHAKE);
	}
	
	
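Review bot: The DTLS_ANY_VERSION branch in dtls1_clear hard-wires the starting version to DTLS1_2_VERSION without consulting SSL_OP_NO_DTLSv1_2, which the commit message says restricts negotiation; if nothing outside this diff lowers `s->version` before the ClientHello is built, a client with that option set would still offer 1.2. Either the option should be consulted here, `else if (s->method->version == DTLS_ANY_VERSION) s->version = (s->options & SSL_OP_NO_DTLSv1_2) ? DTLS1_VERSION : DTLS1_2_VERSION;`, or a comment should say where the restriction is applied, e.g. `/* DTLS_ANY_VERSION: start at the highest version; SSL_OP_NO_DTLSv1* are honoured during negotiation */`. The second hunk only removes trailing blank lines.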
+7 −0
@@ -86,3 +86,10 @@ IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
			dtls1_get_method,
			DTLSv1_2_enc_data)

IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION,
			DTLS_method,
			dtls1_accept,
			dtls1_connect,
			dtls1_get_method,
			DTLSv1_2_enc_data)
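Review bot: DTLS_method routes the server side to dtls1_accept, which no hunk in this commit changes, so the "pick the highest version the peer supports" behaviour and the SSL_OP_NO_DTLSv1/SSL_OP_NO_DTLSv1_2 restrictions for a DTLS_ANY_VERSION server must be implemented outside this diff; worth confirming that the ClientHello version handling on the accept path already recognises DTLS_ANY_VERSION rather than treating it as a literal version number. A one-line comment above this entry, `/* Any-version method: negotiates DTLS 1.0 or 1.2, subject to SSL_OP_NO_DTLSv1* */`, would tell a reader why this table entry differs from the DTLS1_VERSION and DTLS1_2_VERSION ones above it.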