return 0;
#endif
- if (SSL_version(s) == DTLS1_VERSION ||
- SSL_version(s) == DTLS1_BAD_VER)
+ if (SSL_IS_DTLS(s))
{
s->d1->mtu = larg;
return larg;
long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
{
long l;
+ /* For some cases with ctx == NULL perform syntax checks */
+ if (ctx == NULL)
+ {
+ switch (cmd)
+ {
+ case SSL_CTRL_SET_CURVES_LIST:
+ return tls1_set_curves_list(NULL, NULL, parg);
+ case SSL_CTRL_SET_SIGALGS_LIST:
+ case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+ return tls1_set_sigalgs_list(NULL, parg, 0);
+ default:
+ return 0;
+ }
+ }
switch (cmd)
{
SSL_CIPHER *c;
CERT *ct = s->cert;
unsigned char *q;
+ int no_scsv = s->renegotiate;
/* Set disabled masks for this session */
ssl_set_client_disabled(s);
c->algorithm_mkey & ct->mask_k ||
c->algorithm_auth & ct->mask_a)
continue;
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+ if (c->id == SSL3_CK_SCSV)
+ {
+ if (no_scsv)
+ continue;
+ else
+ no_scsv = 1;
+ }
+#endif
j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
p+=j;
}
/* If p == q, no ciphers and caller indicates an error. Otherwise
* add SCSV if not renegotiating.
*/
- if (p != q && !s->renegotiate)
+ if (p != q && !no_scsv)
{
static SSL_CIPHER scsv =
{
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
ret->extra_certs=NULL;
- ret->comp_methods=SSL_COMP_get_compression_methods();
+ /* No compression for DTLS */
+ if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
+ ret->comp_methods=SSL_COMP_get_compression_methods();
ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
/* Broken protocol test: return last used certificate: which may
* mismatch the one expected.
*/
- if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTCOL)
+ if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
return c->key;
#endif
/* Broken protocol test: use last key: which may
* mismatch the one expected.
*/
- if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTCOL)
+ if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
idx = c->key - c->pkeys;
else
#endif