author | Dr. Stephen Henson <steve@openssl.org> | 2013-04-06 15:50:12 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-04-09 14:02:48 +0100 |
commit | c6913eeb762edffddecaaba5c84909d7a7962927 (patch) | |
tree | a57c3c33e23b846852f00ec4681c6fdeccf8ea85 /ssl/d1_srvr.c | |
parent | 04638f2fc335a6dc2af8e5d556d36e29c261dcd2 (diff) |
Dual DTLS version methods.
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and
pick the highest version the peer supports during negotiation.
As with SSL/TLS, options can change this behaviour, specifically
SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
Diffstat (limited to 'ssl/d1_srvr.c')
-rw-r--r-- | ssl/d1_srvr.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index f18fb38a12..27f31b6762 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -153,6 +153,13 @@ IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
 dtls1_get_server_method,
 DTLSv1_2_enc_data)
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION,
+ DTLS_server_method,
+ dtls1_accept,
+ ssl_undefined_function,
+ dtls1_get_server_method,
+ DTLSv1_2_enc_data)
+
 int dtls1_accept(SSL *s)
 {
 BUF_MEM *buf;
@@ -884,8 +891,9 @@ int dtls1_send_hello_verify_request(SSL *s)
 buf = (unsigned char *)s->init_buf->data;
 msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
- *(p++) = s->version >> 8;
- *(p++) = s->version & 0xFF;
+ /* Always use DTLS 1.0 version: see RFC 6347 */
+ *(p++) = DTLS1_VERSION >> 8;
+ *(p++) = DTLS1_VERSION & 0xFF;
 if (s->ctx->app_gen_cookie_cb == NULL ||
 s->ctx->app_gen_cookie_cb(s, s->d1->cookie, |
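Review bot: The new `DTLS_server_method` entry in the first hunk has no comment marking it as the version-flexible method, yet it is registered with `DTLSv1_2_enc_data` and `dtls1_get_server_method`, neither of which is defined in this hunk. Until the version is negotiated, anything that reads the method's enc data will presumably see the DTLS 1.2 settings even when DTLS 1.0 is chosen later. It is worth confirming that the negotiation code (outside this hunk) switches to the negotiated version's method before any version-dependent decision is made. It should also be confirmed that `SSL_OP_NO_DTLSv1` and `SSL_OP_NO_DTLSv1_2` are enforced there, so that a disabled version cannot be selected. I would add above the macro: `/* Version-flexible server method: version and enc data are placeholders until the ClientHello has been processed */`.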
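Review bot: The added comment `/* Always use DTLS 1.0 version: see RFC 6347 */` in the second hunk gives neither the section nor the reason, and the reason is what stops a later maintainer from changing the constant back to `s->version`. The HelloVerifyRequest is sent before the version is negotiated, and RFC 6347 section 4.2.1 says a server should put DTLS 1.0 in it whatever version is agreed afterwards, while clients must not treat that field as the negotiated version. I would write `/* HelloVerifyRequest precedes version negotiation: RFC 6347 section 4.2.1 says to send DTLS 1.0 here whatever is negotiated later */`. The record-layer version for this message is written outside the hunk and should be checked for consistency with this choice; `dtls1_send_hello_verify_request` starts and ends outside the hunk.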