author | Dr. Stephen Henson <steve@openssl.org> | 2013-04-06 15:50:12 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-04-09 14:02:48 +0100 |
commit | c6913eeb762edffddecaaba5c84909d7a7962927 (patch) | |
tree | a57c3c33e23b846852f00ec4681c6fdeccf8ea85 /ssl/d1_pkt.c | |
parent | 04638f2fc335a6dc2af8e5d556d36e29c261dcd2 (diff) | |
Dual DTLS version methods.
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and
pick the highest version the peer supports during negotiation.
As with SSL/TLS, options can change this behaviour, specifically
SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
Diffstat (limited to 'ssl/d1_pkt.c')
-rw-r--r-- | ssl/d1_pkt.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 995e6576e0..9b600fdf53 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -1546,9 +1546,22 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
 *(p++)=type&0xff;
 wr->type=type;
-
- *(p++)=(s->version>>8);
- *(p++)=s->version&0xff;
+ /* Special case: for hello verify request, client version 1.0 and
+ * we haven't decided which version to use yet send back using
+ * version 1.0 header: otherwise some clients will ignore it.
+ */
+ if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B
+ && s->method->version == DTLS_ANY_VERSION
+ && s->client_version == DTLS1_VERSION)
+ {
+ *(p++)=DTLS1_VERSION>>8;
+ *(p++)=DTLS1_VERSION&0xff;
+ }
+ else
+ {
+ *(p++)=s->version>>8;
+ *(p++)=s->version&0xff;
+ }
 /* field where we are to write out packet epoch, seq num and len */
 pseq=p; |
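Review bot: The DTLS 1.0 header is forced only when all three conditions hold, so a HelloVerifyRequest sent under a DTLS_ANY_VERSION method to a client whose `client_version` is anything other than DTLS1_VERSION falls into the `else` branch and is stamped with `s->version` before a version has been agreed. What `s->version` holds at that point is not visible in this hunk; if it can still be the method's placeholder rather than a wire version, the two header bytes would be a silent truncation of it, so this should be confirmed and the condition either widened or the remaining cases documented in the comment. The `else` branch also relies on implicit narrowing for the high byte; `*(p++)=(s->version>>8)&0xff;` would make the intent explicit and match the low-byte line. The body of do_dtls1_write starts and ends outside the hunk.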