DTLS version usage fixes.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 17 Sep 2013 17:10:37 +0000 (18:10 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 18 Sep 2013 12:47:05 +0000 (13:47 +0100)
Make DTLS behave like TLS when negotiating version: record layer has
DTLS 1.0, message version is 1.2.

Tolerate different version numbers if version hasn't been negotiated
yet.
(cherry picked from commit 40088d8b8190a2a33828a769c23bf35de542c7dc)

ssl/d1_pkt.c
ssl/s3_clnt.c

index 1e45c42f924fc8404743436a3b209d6085dafa8e..6b51b8ec6e10b3fb62e58c950edd1e8da6c59716 100644 (file)
@@ -1559,9 +1559,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
         * we haven't decided which version to use yet send back using 
         * version 1.0 header: otherwise some clients will ignore it.
         */
-       if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B
-                       && s->method->version == DTLS_ANY_VERSION
-                       && s->client_version == DTLS1_VERSION)
+       if (s->method->version == DTLS_ANY_VERSION)
                {
                *(p++)=DTLS1_VERSION>>8;
                *(p++)=DTLS1_VERSION&0xff;
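Review bot: The comment above the new condition (its first line lies outside the hunk) still explains the branch in terms of the HelloVerifyRequest case, "otherwise some clients will ignore it", but the test `s->method->version == DTLS_ANY_VERSION` no longer looks at the handshake state or at client_version, so the DTLS 1.0 record-layer version is now written for every record sent while the version is undecided. The comment should state that general rule, e.g. `/* Version not negotiated yet: put DTLS 1.0 in the record-layer header, as TLS does with its lowest version; the handshake message itself carries the real version. */`. Whether the client-side ClientHello also reaches this branch cannot be confirmed from the hunk; if it does, that is the case the old client_version check excluded and the comment should mention it. do_dtls1_write's body starts and ends outside the hunk.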
index 1bad477f044447897997c1045bccbd9cb18bee91..57259c630c067da95fc528e0be797f29de3a2c49 100644 (file)
@@ -912,7 +912,7 @@ int ssl3_get_server_hello(SSL *s)
        /* Hello verify request and/or server hello version may not
         * match so set first packet if we're negotiating version.
         */
-       if (s->method->version == DTLS_ANY_VERSION)
+       if (SSL_IS_DTLS(s))
                s->first_packet = 1;
 
        n=s->method->ssl_get_message(s,
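Review bot: The comment above the changed line says first_packet is set "if we're negotiating version", but the new condition `SSL_IS_DTLS(s)` sets it for every DTLS connection, including one whose method pins a single version, so the comment no longer matches the code. A replacement that follows the code would be `/* DTLS: HelloVerifyRequest and ServerHello may carry a different record-layer version, so let the record layer tolerate a mismatch on this first packet whether or not the version is still being negotiated. */`. Since first_packet relaxes the record-layer version check, it is worth confirming, outside this hunk, that the flag is cleared once the first record has been read so that later records with a wrong version are still rejected. ssl3_get_server_hello's body continues outside the hunk.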