-rw-r--r--ssl/d1_lib.c18
-rw-r--r--ssl/d1_srvr.c9
-rw-r--r--ssl/dtls1.h3
-rw-r--r--ssl/ssl.h3
4 files changed, 33 insertions, 0 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 1588e37ee8..2786b61c29 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -68,6 +68,7 @@
static void get_current_time(struct timeval *t);
const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
+int dtls1_listen(SSL *s, struct sockaddr *client);
SSL3_ENC_METHOD DTLSv1_enc_data={
dtls1_enc,
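Review bot: The added prototype `int dtls1_listen(SSL *s, struct sockaddr *client);` gives the function external linkage, although the only caller visible in this patch is dtls1_ctrl() in the same file. Declaring it `static int dtls1_listen(SSL *s, struct sockaddr *client);`, with the definition changed to match, would keep the symbol out of the library's exported namespace, as `get_current_time` just above already does. If other translation units are meant to call it, the prototype belongs in the internal header rather than in this .c file.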
@@ -203,6 +204,9 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
case DTLS_CTRL_HANDLE_TIMEOUT:
ret = dtls1_handle_timeout(s);
break;
+ case DTLS_CTRL_LISTEN:
+ ret = dtls1_listen(s, parg);
+ break;
default:
ret = ssl3_ctrl(s, cmd, larg, parg);
@@ -364,3 +368,17 @@ static void get_current_time(struct timeval *t)
gettimeofday(t, NULL);
#endif
}
+
+int dtls1_listen(SSL *s, struct sockaddr *client)
+ {
+ int ret;
+
+ SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
+ s->d1->listen = 1;
+
+ ret = SSL_accept(s);
+ if (ret <= 0) return ret;
+
+ (void) BIO_dgram_get_peer(SSL_get_rbio(s), client);
+ return 1;
+ }
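Review bot: dtls1_listen() returns 1 even when the peer address was never written, because the result of `BIO_dgram_get_peer()` is cast to void and `client` is not checked for NULL. A caller that then connects its socket to `client` would be acting on an uninitialised address rather than on the peer whose cookie was just verified. Consider `if (client == NULL) return -1;` at the top and failing when the lookup does not succeed, e.g. `if (BIO_dgram_get_peer(SSL_get_rbio(s), client) <= 0) return -1;` (this assumes the macro yields a non-positive value on failure, which should be confirmed against the datagram BIO ctrl). Also, `s->d1->listen` stays set on the `ret <= 0` path; a comment saying whether that is intended for non-blocking retry would help.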
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 00536ad3cd..d79fb1985e 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -274,6 +274,15 @@ int dtls1_accept(SSL *s)
s->state = SSL3_ST_SW_SRVR_HELLO_A;
s->init_num=0;
+
+ /* If we're just listening, stop here */
+ if (s->d1->listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
+ {
+ ret = 2;
+ s->d1->listen = 0;
+ goto end;
+ }
+
break;
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
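Review bot: `ret = 2` is an undocumented magic value that leaves dtls1_accept() through `goto end`, so SSL_accept() gains a third success-like return that only dtls1_listen() knows how to interpret. A comment such as `/* 2: ClientHello accepted while listening; handshake deliberately not continued */` or a named constant would make the contract explicit. The test `s->state == SSL3_ST_SW_SRVR_HELLO_A` appears to rely on a branch above the hunk that selects the HelloVerifyRequest state while the cookie is still unverified. If so, that condition is what stops the listener from returning for an unverified peer, and the comment should say so. dtls1_accept() begins and ends outside this hunk.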
diff --git a/ssl/dtls1.h b/ssl/dtls1.h
index 926af1c4c5..c4d3a75111 100644
--- a/ssl/dtls1.h
+++ b/ssl/dtls1.h
@@ -212,6 +212,9 @@ typedef struct dtls1_state_st
*/
record_pqueue buffered_app_data;
+ /* Is set when listening for new connections with dtls1_listen() */
+ unsigned int listen;
+
unsigned int mtu; /* max DTLS packet size */
struct hm_header_st w_msg_hdr;
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 8ad8cdeee1..63bdf42971 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1398,11 +1398,14 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define DTLS_CTRL_GET_TIMEOUT 73
#define DTLS_CTRL_HANDLE_TIMEOUT 74
+#define DTLS_CTRL_LISTEN 75
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
#define DTLSv1_handle_timeout(ssl) \
SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
+#define DTLSv1_listen(ssl, peer) \
+ SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
#define SSL_session_reused(ssl) \
SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
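Review bot: `DTLSv1_listen(ssl, peer)` casts `peer` to `void *` without parentheses and carries no length, so any pointer type compiles and the caller gets no hint of how much storage the peer address needs. Parenthesise the arguments as `SSL_session_reused` below does: `SSL_ctrl((ssl),DTLS_CTRL_LISTEN,0,(void *)(peer))`. Add a comment above the macro stating that `peer` must point to storage large enough for the address family in use, and documenting what the return values mean.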