Do not resume a session if the negotiated protocol version does not match

[openssl.git] / ssl / dtls1.h

diff --git a/ssl/dtls1.h b/ssl/dtls1.h
index b5042ea5fd22fc703867e022233de5e4f2c5bf39..af86f60fb566d08384cf48b96e24b2a38d4e575b 100644 (file)
--- a/ssl/dtls1.h
+++ b/ssl/dtls1.h
@@ -84,8 +84,14 @@ extern "C" {
 #endif
 
 #define DTLS1_VERSION                  0xFEFF
+#define DTLS1_2_VERSION                        0xFEFD
+#define DTLS_MAX_VERSION               DTLS1_2_VERSION
+
 #define DTLS1_BAD_VER                  0x0100
 
+/* Special value for method supporting multiple versions */
+#define DTLS_ANY_VERSION               0x1FFFF
+
 #if 0
 /* this alert description is not specified anywhere... */
 #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110
@@ -236,7 +242,7 @@ typedef struct dtls1_state_st
 
        struct dtls1_timeout_st timeout;
 
-       /* Indicates when the last handshake msg sent will timeout */
+       /* Indicates when the last handshake msg or heartbeat sent will timeout */
        struct timeval next_timeout;
 
        /* Timeout duration */
@@ -250,6 +256,10 @@ typedef struct dtls1_state_st
        unsigned int handshake_fragment_len;
 
        unsigned int retransmitting;
+       /*
+        * Set when the handshake is ready to process peer's ChangeCipherSpec message.
+        * Cleared after the message has been processed.
+        */
        unsigned int change_cipher_spec_ok;
 
 #ifndef OPENSSL_NO_SCTP
@@ -284,4 +294,3 @@ typedef struct dtls1_record_data_st
 }
 #endif
 #endif
-