DTLS version usage fixes.

Make DTLS behave like TLS when negotiating version: record layer has DTLS 1.0, message version is 1.2. Tolerate different version numbers if version hasn't been negotiated yet. (cherry picked from commit 40088d8b8190a2a33828a769c23bf35de542c7dc)
author: Dr. Stephen Henson <steve@openssl.org> 2013-09-17 18:10:37 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2013-09-18 13:47:05 +0100
commit: 1dfb1b103cd1b0376204bd5e3f0e73adb4ae430b (patch)
tree: 85e1569c23069bf73a40a4e17b2580cc343abd8c /ssl
parent: 6e1987ca1da37dcfc7d11495e0139c34a0c8c8bb (diff)
2 files changed, 2 insertions, 4 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 1e45c42f92..6b51b8ec6e 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -1559,9 +1559,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
 	 * we haven't decided which version to use yet send back using 
 	 * version 1.0 header: otherwise some clients will ignore it.
 	 */
-	if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B
-			&& s->method->version == DTLS_ANY_VERSION
-			&& s->client_version == DTLS1_VERSION)
+	if (s->method->version == DTLS_ANY_VERSION)
 		{
 		*(p++)=DTLS1_VERSION>>8;
 		*(p++)=DTLS1_VERSION&0xff;
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 1bad477f04..57259c630c 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -912,7 +912,7 @@ int ssl3_get_server_hello(SSL *s)
 	/* Hello verify request and/or server hello version may not
 	 * match so set first packet if we're negotiating version.
 	 */
-	if (s->method->version == DTLS_ANY_VERSION)
+	if (SSL_IS_DTLS(s))
 		s->first_packet = 1;
 
 	n=s->method->ssl_get_message(s,
author	Dr. Stephen Henson <steve@openssl.org>	2013-09-17 18:10:37 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2013-09-18 13:47:05 +0100
commit	1dfb1b103cd1b0376204bd5e3f0e73adb4ae430b (patch)
tree	85e1569c23069bf73a40a4e17b2580cc343abd8c /ssl
parent	6e1987ca1da37dcfc7d11495e0139c34a0c8c8bb (diff)