From: Dr. Stephen Henson
Date: Tue, 17 Sep 2013 17:10:37 +0000 (+0100)
Subject: DTLS version usage fixes.
X-Git-Tag: OpenSSL_1_0_2-beta1~260
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1dfb1b103cd1b0376204bd5e3f0e73adb4ae430b;p=thirdparty%2Fopenssl.git
DTLS version usage fixes.
Make DTLS behave like TLS when negotiating version: record layer has DTLS 1.0, message version is 1.2. Tolerate different version numbers if version hasn't been negotiated yet.
(cherry picked from commit 40088d8b8190a2a33828a769c23bf35de542c7dc)
---
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 1e45c42f924..6b51b8ec6e1 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -1559,9 +1559,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
 * we haven't decided which version to use yet send back using
 * version 1.0 header: otherwise some clients will ignore it.
 */
- if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B
- && s->method->version == DTLS_ANY_VERSION
- && s->client_version == DTLS1_VERSION)
+ if (s->method->version == DTLS_ANY_VERSION)
 {
 *(p++)=DTLS1_VERSION>>8;
 *(p++)=DTLS1_VERSION&0xff;
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 1bad477f044..57259c630c0 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -912,7 +912,7 @@ int ssl3_get_server_hello(SSL *s)
 /* Hello verify request and/or server hello version may not
 * match so set first packet if we're negotiating version.
 */
- if (s->method->version == DTLS_ANY_VERSION)
+ if (SSL_IS_DTLS(s))
 s->first_packet = 1;
 n=s->method->ssl_get_message(s,
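Review bot: In the ssl/d1_pkt.c hunk, the context comment above `if (s->method->version == DTLS_ANY_VERSION)` still describes only the reply case ("send back using version 1.0 header"), while the widened condition now pins the record-layer version to DTLS 1.0 for every record written as long as the method is the version-flexible one. That is only correct if `s->method` is replaced by a fixed-version method once negotiation completes, which is not visible here; I would state that invariant in the comment, for example `/* Version not negotiated yet (method is still DTLS_ANY_VERSION): send a DTLS 1.0 record header. */`. The ssl/s3_clnt.c hunk shows the same drift: its comment says "if we're negotiating version" while `SSL_IS_DTLS(s)` now sets `first_packet` for fixed-version DTLS methods too, so it is worth confirming that the ServerHello version is still checked against the configured method later in ssl3_get_server_hello. Both the comment and the body of do_dtls1_write start outside the hunk.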