authorDr. Stephen Henson <steve@openssl.org>2013-04-06 15:50:12 +0100
committerDr. Stephen Henson <steve@openssl.org>2013-04-09 14:02:48 +0100
commitc6913eeb762edffddecaaba5c84909d7a7962927 (patch)
treea57c3c33e23b846852f00ec4681c6fdeccf8ea85 /ssl/d1_pkt.c
parent04638f2fc335a6dc2af8e5d556d36e29c261dcd2 (diff)
Dual DTLS version methods.
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and pick the highest version the peer supports during negotiation. As with SSL/TLS, options can change this behaviour, specifically SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
Diffstat (limited to 'ssl/d1_pkt.c')
-rw-r--r--ssl/d1_pkt.c19
1 files changed, 16 insertions, 3 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 995e6576e0..9b600fdf53 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -1546,9 +1546,22 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
*(p++)=type&0xff;
wr->type=type;
-
- *(p++)=(s->version>>8);
- *(p++)=s->version&0xff;
+ /* Special case: for hello verify request, client version 1.0 and
+ * we haven't decided which version to use yet send back using
+ * version 1.0 header: otherwise some clients will ignore it.
+ */
+ if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B
+ && s->method->version == DTLS_ANY_VERSION
+ && s->client_version == DTLS1_VERSION)
+ {
+ *(p++)=DTLS1_VERSION>>8;
+ *(p++)=DTLS1_VERSION&0xff;
+ }
+ else
+ {
+ *(p++)=s->version>>8;
+ *(p++)=s->version&0xff;
+ }
/* field where we are to write out packet epoch, seq num and len */
pseq=p;
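Review bot: The special case in the new `if` only covers `s->client_version == DTLS1_VERSION`, so a HelloVerifyRequest answering any other client version falls to the `else` branch and is framed with `s->version`, and the hunk does not show what that field holds under `DTLS_ANY_VERSION` before a version has been chosen. If it can still be a placeholder or default at that point, the record header would carry a version the peer never offered; RFC 6347 section 4.2.1 recommends DTLS 1.0 for the HelloVerifyRequest `server_version` regardless of what is negotiated later, and the record header could follow the same rule by dropping the third condition. `s->client_version` is presumably taken from a ClientHello that has not yet passed the cookie exchange, so the comment should say that it is unauthenticated peer input used only to pick the header bytes, e.g. `/* client_version is from an unverified ClientHello; it only selects the record header version */`. The enclosing do_dtls1_write() starts and ends outside the hunk, so how `s->version` and `s->state` are set on this path should be confirmed there.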