Allow DTLS version negotiation with PSK-NEGOTIATE and OpenSSL 1.0.2
We can use DTLS_client_method() here too.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse authored and David Woodhouse committed Oct 4, 2016
1 parent 816a2b4 commit 97d97df
Showing 1 changed file with 6 additions and 5 deletions.
11 changes: 6 additions & 5 deletions openssl-dtls.c
Expand Up @@ -253,15 +253,16 @@ int start_dtls_handshake(struct openconnect_info *vpninfo, int dtls_fd)
#endif

if (!vpninfo->dtls_ctx) {
#ifdef HAVE_DTLS12
dtls_method = DTLS_client_method();
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
if (dtlsver == DTLS1_BAD_VER)
dtls_method = DTLSv1_client_method();
#ifdef HAVE_DTLS12
if (dtlsver == DTLS1_2_VERSION)
else if (dtlsver == DTLS1_2_VERSION)
dtls_method = DTLSv1_2_client_method();
else
#endif
dtls_method = DTLSv1_client_method();
#else
dtls_method = DTLS_client_method();
#endif
vpninfo->dtls_ctx = SSL_CTX_new(dtls_method);
if (!vpninfo->dtls_ctx) {
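Review bot: In a build where HAVE_DTLS12 is not defined, `dtls_method` appears to reach `SSL_CTX_new(dtls_method)` without being assigned unless `dtlsver == DTLS1_BAD_VER`, because the new side, as far as this rendered page shows, no longer carries the unconditional `dtls_method = DTLSv1_client_method();` fallback or the `#else` branch for newer OpenSSL. The declaration of `dtls_method` is outside the hunk, so it cannot be told from here whether that means a NULL method (a clean SSL_CTX_new failure) or an indeterminate pointer. I would make the default explicit by extending the first block with `#else` and `dtls_method = DTLSv1_client_method();` before its `#endif`. Separately, with the version-flexible method now left in place for negotiation, it is worth confirming that the context setup further down pins the lowest DTLS version the client will accept; that code, like the start and end of start_dtls_handshake, is outside this hunk.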