> [[email protected] - Sat Dec 20 14:00:34 2008]: > > On Tue, 2008-10-07 at 10:12 +0100, David Woodhouse wrote: > > This patch against the 0.9.8 branch adds an SSL option for compatibility > > with the pre-RFC version of DTLS used by Cisco for their AnyConnect SSL > > VPN. This is RT #1751. > > > > With this patch, and with the two bug fixes I just posted, I now have a > > fully functional client operating with Cisco's VPN servers. > > Leaving aside the question of adding this to HEAD, can we please at > least add it to the 0.9.8 branch?
Adding to HEAD seems less problematic. Anyway, I'm mostly happy with this patch, except from d1_pkt.c, shouldn't: if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER) ccs_hdr_len = 3; be if (s->client_version == DTLS1_BAD_VER || (s->options & SSL_OP_CISCO_ANYCONNECT)) ccs_hdr_len = 3; also, the patch as an attachment would be nice. > > We're shipping a completely functional client for this VPN now, and all > that remains is to get the pre-RFC version of DTLS working again, which > is implemented by this patch. > > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
