authorDr. Stephen Henson <steve@openssl.org>2013-04-06 15:50:12 +0100
committerDr. Stephen Henson <steve@openssl.org>2013-04-09 14:02:48 +0100
commitc6913eeb762edffddecaaba5c84909d7a7962927 (patch)
treea57c3c33e23b846852f00ec4681c6fdeccf8ea85 /ssl/d1_srvr.c
parent04638f2fc335a6dc2af8e5d556d36e29c261dcd2 (diff)
Dual DTLS version methods.
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and pick the highest version the peer supports during negotiation. As with SSL/TLS, options can change this behaviour, specifically SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
Diffstat (limited to 'ssl/d1_srvr.c')
-rw-r--r--ssl/d1_srvr.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index f18fb38a12..27f31b6762 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -153,6 +153,13 @@ IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
dtls1_get_server_method,
DTLSv1_2_enc_data)
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION,
+ DTLS_server_method,
+ dtls1_accept,
+ ssl_undefined_function,
+ dtls1_get_server_method,
+ DTLSv1_2_enc_data)
+
int dtls1_accept(SSL *s)
{
BUF_MEM *buf;
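Review bot: The added `DTLS_server_method` definition carries no comment saying that `DTLS_ANY_VERSION` is a negotiation placeholder and that, per the commit description, this method also supports DTLS 1.0 unless an option such as `SSL_OP_NO_DTLSv1` changes that. I would put `/* Version-flexible server method: negotiates DTLS 1.2 or DTLS 1.0; disable either with SSL_OP_NO_DTLSv1_2 / SSL_OP_NO_DTLSv1 */` above the macro invocation. The method is also bound to `DTLSv1_2_enc_data` before any version is agreed, and `dtls1_get_server_method` is defined outside this hunk. Whether it returns a method for `DTLS_ANY_VERSION`, and whether the enc data is switched after a DTLS 1.0 negotiation, cannot be confirmed from here and is worth checking.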
@@ -884,8 +891,9 @@ int dtls1_send_hello_verify_request(SSL *s)
buf = (unsigned char *)s->init_buf->data;
msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
- *(p++) = s->version >> 8;
- *(p++) = s->version & 0xFF;
+ /* Always use DTLS 1.0 version: see RFC 6347 */
+ *(p++) = DTLS1_VERSION >> 8;
+ *(p++) = DTLS1_VERSION & 0xFF;
if (s->ctx->app_gen_cookie_cb == NULL ||
s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
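Review bot: The new comment `see RFC 6347` does not say which rule it relies on, or that the hard-coded value is deliberate even when DTLS 1.0 is disabled, so a later reader could mistake it for a downgrade and revert it. I would expand it to `/* HelloVerifyRequest.server_version is fixed at DTLS 1.0 (RFC 6347 section 4.2.1); it is not the negotiated version and applies even with SSL_OP_NO_DTLSv1 */`. Only the message body is changed here, and the record-layer version for this message is written elsewhere. With a `DTLS_ANY_VERSION` method, `s->version` may not yet hold a wire version at this point, so that path should be confirmed too. `dtls1_send_hello_verify_request` starts and ends outside the hunk.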