Make DTLS1_BAD_VER work with DTLS_client_method()

DTLSv1_client_method() is deprecated, but it was the only way to obtain DTLS1_BAD_VER support. The SSL_OP_CISCO_ANYCONNECT hack doesn't work with DTLS_client_method(), and it's relatively non-trivial to make it work without expanding the hack into lots of places. So deprecate SSL_OP_CISCO_ANYCONNECT with DTLSv1_client_method(), and make it work with SSL_CTX_set_{min,max}_proto_version(DTLS1_BAD_VER) instead. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
author: David Woodhouse <David.Woodhouse@intel.com> 2016-07-25 18:03:27 +0100
committer: Matt Caswell <matt@openssl.org> 2016-08-04 20:56:24 +0100
commit: 032924c4b4104654ff8659b4701e4ab25872a12e (patch)
tree: a7b5757cae6a997fe0fbbbfce6117c4bcd41b0a7 /ssl/methods.c
parent: 387cf21345f981d3897f88a6479d8e60721c2c6b (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl/methods.c b/ssl/methods.c
index aeed8c72bd..7d27f9d8ff 100644
--- a/ssl/methods.c
+++ b/ssl/methods.c
@@ -191,6 +191,11 @@ IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
                           ssl_undefined_function,
                           ossl_statem_connect,
                           DTLSv1_enc_data)
+IMPLEMENT_dtls1_meth_func(DTLS1_BAD_VER, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
+                          dtls_bad_ver_client_method,
+                          ssl_undefined_function,
+                          ossl_statem_connect,
+                          DTLSv1_enc_data)
 #endif
 
 #ifndef OPENSSL_NO_DTLS1_2_METHOD
author	David Woodhouse <David.Woodhouse@intel.com>	2016-07-25 18:03:27 +0100
committer	Matt Caswell <matt@openssl.org>	2016-08-04 20:56:24 +0100
commit	032924c4b4104654ff8659b4701e4ab25872a12e (patch)
tree	a7b5757cae6a997fe0fbbbfce6117c4bcd41b0a7 /ssl/methods.c
parent	387cf21345f981d3897f88a6479d8e60721c2c6b (diff)